just-bash-mcp 2.9.4 → 3.0.0

package/src/index.ts

@@ -10,27 +10,23 @@
  * @see https://modelcontextprotocol.io
  */
 
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-
-import { config } from "./config/index.ts";
-import { registerAllTools } from "./tools/index.ts";
+import {McpServer} from '@modelcontextprotocol/sdk/server/mcp.js'
+import {StdioServerTransport} from '@modelcontextprotocol/sdk/server/stdio.js'
+import {config} from './config/index.ts'
+import {registerAllTools} from './tools/index.ts'
 
 // ============================================================================
 // Server Initialization
 // ============================================================================
 
-const server = new McpServer({
-	name: config.SERVER_NAME,
-	version: config.VERSION,
-});
+const server = new McpServer({name: config.SERVER_NAME, version: config.VERSION})
 
 // Register all tools with the server
-registerAllTools(server);
+registerAllTools(server)
 
 // ============================================================================
 // Start Server
 // ============================================================================
 
-const transport = new StdioServerTransport();
-await server.connect(transport);
+const transport = new StdioServerTransport()
+await server.connect(transport)

package/src/tools/bash-instance.ts

@@ -10,30 +10,8 @@
  * - Network error classes for rich error reporting (handled in exec-tools/sandbox-tools)
  */
 
-import {
-	Bash,
-	type BashOptions,
-	type CustomCommand,
-	DefenseInDepthBox,
-	InMemoryFs,
-	MountableFs,
-	OverlayFs,
-	ReadWriteFs,
-	Sandbox,
-	type SandboxOptions,
-	defineCommand,
-} from "just-bash";
-
-import {
-	bashLogger,
-	buildDefenseInDepthConfig,
-	buildExecutionLimits,
-	buildNetworkConfig,
-	config,
-	parseMountsConfig,
-	traceCallback,
-	violationLogger,
-} from "../config/index.ts";
+import {Bash, type BashOptions, type CustomCommand, DefenseInDepthBox as UpstreamDefenseInDepthBox, InMemoryFs, MountableFs, OverlayFs, ReadWriteFs, Sandbox, type SandboxOptions, defineCommand} from 'just-bash'
+import {bashLogger, buildDefenseInDepthConfig, buildExecutionLimits, buildJavaScriptConfig, buildNetworkConfig, config, type DefenseInDepthConfig, type DefenseInDepthStats, parseMountsConfig, traceCallback, violationLogger} from '../config/index.ts'
 
 // ============================================================================
 // Bash Instance Factory
@@ -43,32 +21,39 @@ import {
 // Defense-in-Depth Box (singleton)
 // ============================================================================
 
-let defenseInDepthBox: DefenseInDepthBox | null = null;
+interface DefenseInDepthBoxInstance {
+ isActive(): boolean
+ getStats(): DefenseInDepthStats
+}
+
+const DefenseInDepthBox = UpstreamDefenseInDepthBox as unknown as {getInstance(config?: DefenseInDepthConfig | boolean): DefenseInDepthBoxInstance}
+
+let defenseInDepthBox: DefenseInDepthBoxInstance | null = null
 
 /**
  * Get or create the shared DefenseInDepthBox instance.
  * Returns null if defense-in-depth is disabled.
  */
-export function getDefenseInDepthBox(): DefenseInDepthBox | null {
-	const didConfig = buildDefenseInDepthConfig();
-	if (!didConfig) return null;
-
-	if (!defenseInDepthBox) {
-		defenseInDepthBox = new DefenseInDepthBox(didConfig);
-	}
-	return defenseInDepthBox;
+export function getDefenseInDepthBox(): DefenseInDepthBoxInstance | null {
+ const didConfig = buildDefenseInDepthConfig()
+ if (!didConfig) return null
+
+ if (!defenseInDepthBox) {
+  defenseInDepthBox = DefenseInDepthBox.getInstance(didConfig)
+ }
+ return defenseInDepthBox
 }
 
 /**
  * Get the shared SecurityViolationLogger for querying violation stats.
  */
-export { violationLogger } from "../config/index.ts";
+export {violationLogger} from '../config/index.ts'
 
 /**
  * Re-export defineCommand so downstream consumers can create custom commands
  * using the upstream API without importing just-bash directly.
  */
-export { defineCommand };
+export {defineCommand}
 
 // ============================================================================
 // Bash Instance Factory
@@ -77,127 +62,77 @@ export { defineCommand };
 /**
  * Create a new Bash instance with the given configuration
  */
-export function createBashInstance(
-	files?: Record<string, string>,
-	customCommands?: CustomCommand[],
-	env?: Record<string, string>,
-): Bash {
-	const networkConfig = buildNetworkConfig();
-	const executionLimits = buildExecutionLimits();
-	const defenseInDepthConfig = buildDefenseInDepthConfig();
-
-	const baseOptions: BashOptions = {
-		network: networkConfig,
-		executionLimits,
-		files,
-		env,
-		logger: bashLogger,
-		trace: traceCallback,
-		customCommands,
-		commands: config.ALLOWED_COMMANDS,
-		python: config.ENABLE_PYTHON,
-		defenseInDepth: defenseInDepthConfig,
-	};
-
-	// Check for mountable filesystem configuration
-	const mounts = parseMountsConfig();
-	if (mounts.length > 0) {
-		const mountableFs = new MountableFs({
-			base: new InMemoryFs(),
-			mounts,
-		});
-		return new Bash({
-			...baseOptions,
-			fs: mountableFs,
-			cwd: config.INITIAL_CWD,
-		});
-	}
-
-	// Check for read-write filesystem configuration
-	if (config.READ_WRITE_ROOT) {
-		const rwfs = new ReadWriteFs({
-			root: config.READ_WRITE_ROOT,
-			...(config.MAX_FILE_READ_SIZE !== undefined && {
-				maxFileReadSize: config.MAX_FILE_READ_SIZE,
-			}),
-		});
-		return new Bash({
-			...baseOptions,
-			fs: rwfs,
-			cwd: config.READ_WRITE_ROOT,
-		});
-	}
-
-	// Check for overlay filesystem configuration
-	if (config.OVERLAY_ROOT) {
-		const overlay = new OverlayFs({
-			root: config.OVERLAY_ROOT,
-			readOnly: config.OVERLAY_READ_ONLY,
-			...(config.MAX_FILE_READ_SIZE !== undefined && {
-				maxFileReadSize: config.MAX_FILE_READ_SIZE,
-			}),
-		});
-		return new Bash({
-			...baseOptions,
-			fs: overlay,
-			cwd: overlay.getMountPoint(),
-		});
-	}
-
-	// Default: in-memory filesystem
-	return new Bash({
-		...baseOptions,
-		cwd: config.INITIAL_CWD,
-	});
+export function createBashInstance(files?: Record<string, string>, customCommands?: CustomCommand[], env?: Record<string, string>): Bash {
+ const networkConfig = buildNetworkConfig()
+ const executionLimits = buildExecutionLimits()
+ const defenseInDepthConfig = buildDefenseInDepthConfig()
+ const javascriptConfig = buildJavaScriptConfig()
+
+ const baseOptions: BashOptions = {network: networkConfig, executionLimits, files, env, logger: bashLogger, trace: traceCallback, customCommands, commands: config.ALLOWED_COMMANDS, python: config.ENABLE_PYTHON, javascript: javascriptConfig, defenseInDepth: defenseInDepthConfig}
+
+ // Check for mountable filesystem configuration
+ const mounts = parseMountsConfig()
+ if (mounts.length > 0) {
+  const mountableFs = new MountableFs({base: new InMemoryFs(), mounts})
+  return new Bash({...baseOptions, fs: mountableFs, cwd: config.INITIAL_CWD})
+ }
+
+ // Check for read-write filesystem configuration
+ if (config.READ_WRITE_ROOT) {
+  const rwfs = new ReadWriteFs({root: config.READ_WRITE_ROOT, ...(config.MAX_FILE_READ_SIZE !== undefined && {maxFileReadSize: config.MAX_FILE_READ_SIZE})})
+  return new Bash({...baseOptions, fs: rwfs, cwd: config.READ_WRITE_ROOT})
+ }
+
+ // Check for overlay filesystem configuration
+ if (config.OVERLAY_ROOT) {
+  const overlay = new OverlayFs({root: config.OVERLAY_ROOT, readOnly: config.OVERLAY_READ_ONLY, ...(config.MAX_FILE_READ_SIZE !== undefined && {maxFileReadSize: config.MAX_FILE_READ_SIZE})})
+  return new Bash({...baseOptions, fs: overlay, cwd: overlay.getMountPoint()})
+ }
+
+ // Default: in-memory filesystem
+ return new Bash({...baseOptions, cwd: config.INITIAL_CWD})
 }
 
 // ============================================================================
 // Persistent Bash Instance (singleton pattern)
 // ============================================================================
 
-let persistentBash: Bash | null = null;
+let persistentBash: Bash | null = null
 
 /**
  * Get or create the persistent Bash instance
  */
 export function getPersistentBash(): Bash {
-	if (!persistentBash) {
-		persistentBash = createBashInstance();
-	}
-	return persistentBash;
+ if (!persistentBash) {
+  persistentBash = createBashInstance()
+ }
+ return persistentBash
 }
 
 /**
  * Reset the persistent Bash instance
  */
 export function resetPersistentBash(): void {
-	persistentBash = null;
+ persistentBash = null
 }
 
 // ============================================================================
 // Persistent Sandbox Instance (singleton pattern)
 // ============================================================================
 
-let persistentSandbox: Sandbox | null = null;
+let persistentSandbox: Sandbox | null = null
 
 /**
  * Get or create the persistent Sandbox instance.
  * Passes all available configuration including network and filesystem options.
  */
 export async function getPersistentSandbox(): Promise<Sandbox> {
-	if (!persistentSandbox) {
-		const networkConfig = buildNetworkConfig();
-		const options: SandboxOptions = {
-			cwd: config.INITIAL_CWD,
-			network: networkConfig,
-			maxCallDepth: config.MAX_CALL_DEPTH,
-			maxCommandCount: config.MAX_COMMAND_COUNT,
-			maxLoopIterations: config.MAX_LOOP_ITERATIONS,
-			...(config.OVERLAY_ROOT && { overlayRoot: config.OVERLAY_ROOT }),
-		};
-		persistentSandbox = await Sandbox.create(options);
-	}
-	return persistentSandbox;
+ if (!persistentSandbox) {
+  const networkConfig = buildNetworkConfig()
+  const options: SandboxOptions = {cwd: config.INITIAL_CWD, network: networkConfig, maxCallDepth: config.MAX_CALL_DEPTH, maxCommandCount: config.MAX_COMMAND_COUNT, maxLoopIterations: config.MAX_LOOP_ITERATIONS, ...(config.OVERLAY_ROOT && {overlayRoot: config.OVERLAY_ROOT})}
+  persistentSandbox = await Sandbox.create(options)
+ }
+ return persistentSandbox
 }
 
 /**
@@ -205,8 +140,8 @@ export async function getPersistentSandbox(): Promise<Sandbox> {
  * Calls Sandbox.stop() to clean up resources before releasing.
  */
 export async function resetPersistentSandbox(): Promise<void> {
-	if (persistentSandbox) {
-		await persistentSandbox.stop();
-	}
-	persistentSandbox = null;
+ if (persistentSandbox) {
+  await persistentSandbox.stop()
+ }
+ persistentSandbox = null
 }

package/src/tools/exec-tools.ts

@@ -9,157 +9,110 @@
  * - SecurityViolationError: Defense-in-depth violation detected
  */
 
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import {
-	NetworkAccessDeniedError,
-	RedirectNotAllowedError,
-	SecurityViolationError,
-	TooManyRedirectsError,
-} from "just-bash";
-import { z } from "zod/v4";
-import { createErrorResponse, formatExecResult } from "../utils/index.ts";
-import { createBashInstance, getPersistentBash, resetPersistentBash } from "./bash-instance.ts";
+import type {McpServer} from '@modelcontextprotocol/sdk/server/mcp.js'
+import {NetworkAccessDeniedError, RedirectNotAllowedError, SecurityViolationError, TooManyRedirectsError} from 'just-bash'
+import {z} from 'zod/v4'
+import {createErrorResponse, formatExecResult} from '../utils/index.ts'
+import {createBashInstance, getPersistentBash, resetPersistentBash} from './bash-instance.ts'
 
 /**
  * Classify errors from just-bash into user-friendly messages.
  * Uses upstream error classes for precise classification.
  */
 function classifyError(error: unknown, prefix: string) {
-	if (error instanceof NetworkAccessDeniedError) {
-		return createErrorResponse(error, `${prefix} [Network Access Denied]`);
-	}
-	if (error instanceof TooManyRedirectsError) {
-		return createErrorResponse(error, `${prefix} [Too Many Redirects]`);
-	}
-	if (error instanceof RedirectNotAllowedError) {
-		return createErrorResponse(error, `${prefix} [Redirect Not Allowed]`);
-	}
-	if (error instanceof SecurityViolationError) {
-		return createErrorResponse(error, `${prefix} [Security Violation]`);
-	}
-	return createErrorResponse(error, prefix);
+ if (error instanceof NetworkAccessDeniedError) {
+  return createErrorResponse(error, `${prefix} [Network Access Denied]`)
+ }
+ if (error instanceof TooManyRedirectsError) {
+  return createErrorResponse(error, `${prefix} [Too Many Redirects]`)
+ }
+ if (error instanceof RedirectNotAllowedError) {
+  return createErrorResponse(error, `${prefix} [Redirect Not Allowed]`)
+ }
+ if (error instanceof SecurityViolationError) {
+  return createErrorResponse(error, `${prefix} [Security Violation]`)
+ }
+ return createErrorResponse(error, prefix)
 }
 
 /**
  * Register bash execution tools with the MCP server
  */
 export function registerExecTools(server: McpServer): void {
-	// ========================================================================
-	// bash_exec - Isolated execution
-	// ========================================================================
-	server.registerTool(
-		"bash_exec",
-		{
-			description:
-				"Execute a bash command in a sandboxed environment. Each execution is isolated - environment variables, functions, and cwd don't persist across calls (filesystem does).",
-			inputSchema: {
-				command: z.string().describe("The bash command to execute"),
-				cwd: z.string().optional().describe("Working directory for the command"),
-				env: z
-					.record(z.string(), z.string())
-					.optional()
-					.describe("Environment variables to set for execution"),
-				initialEnv: z
-					.record(z.string(), z.string())
-					.optional()
-					.describe("Initial environment variables to set when creating the bash instance"),
-				files: z
-					.record(z.string(), z.string())
-					.optional()
-					.describe("Files to create before execution (path -> content)"),
-				rawScript: z
-					.boolean()
-					.optional()
-					.describe(
-						"If true, skip normalizing the script (preserves leading whitespace). Useful for here-docs.",
-					),
-			},
-		},
-		async ({
-			command,
-			cwd,
-			env,
-			initialEnv,
-			files,
-			rawScript,
-		}: {
-			command: string;
-			cwd?: string;
-			env?: Record<string, string>;
-			initialEnv?: Record<string, string>;
-			files?: Record<string, string>;
-			rawScript?: boolean;
-		}) => {
-			try {
-				const bash = createBashInstance(files, undefined, initialEnv);
-				const result = await bash.exec(command, { cwd, env, rawScript });
-				return formatExecResult(result);
-			} catch (error) {
-				return classifyError(error, "Execution error");
-			}
-		},
-	);
+ // ========================================================================
+ // bash - Upstream bash-tool compatible execution
+ // ========================================================================
+ server.registerTool(
+  'bash',
+  {description: 'Execute bash commands in the sandbox environment. Upstream-compatible MCP exposure of the just-bash/bash-tool execute interface. The persistent filesystem is shared across calls.', inputSchema: {command: z.string().describe('The bash command to execute')}},
+  async ({command}: {command: string}) => {
+   try {
+    const bash = getPersistentBash()
+    const result = await bash.exec(command)
+    return formatExecResult(result)
+   } catch (error) {
+    return classifyError(error, 'Execution error')
+   }
+  }
+ )
 
-	// ========================================================================
-	// bash_exec_persistent - Persistent execution
-	// ========================================================================
-	server.registerTool(
-		"bash_exec_persistent",
-		{
-			description:
-				"Execute a bash command in a persistent sandboxed environment. The filesystem persists across calls, but env vars, functions, and cwd are reset each call.",
-			inputSchema: {
-				command: z.string().describe("The bash command to execute"),
-				cwd: z.string().optional().describe("Working directory for the command"),
-				env: z.record(z.string(), z.string()).optional().describe("Environment variables to set"),
-				rawScript: z
-					.boolean()
-					.optional()
-					.describe(
-						"If true, skip normalizing the script (preserves leading whitespace). Useful for here-docs.",
-					),
-			},
-		},
-		async ({
-			command,
-			cwd,
-			env,
-			rawScript,
-		}: {
-			command: string;
-			cwd?: string;
-			env?: Record<string, string>;
-			rawScript?: boolean;
-		}) => {
-			try {
-				const bash = getPersistentBash();
-				const result = await bash.exec(command, { cwd, env, rawScript });
-				return formatExecResult(result);
-			} catch (error) {
-				return classifyError(error, "Execution error");
-			}
-		},
-	);
+ // ========================================================================
+ // bash_exec - Isolated execution
+ // ========================================================================
+ server.registerTool(
+  'bash_exec',
+  {
+   description: "Execute a bash command in a sandboxed environment. Each execution is isolated - environment variables, functions, and cwd don't persist across calls (filesystem does).",
+   inputSchema: {
+    command: z.string().describe('The bash command to execute'),
+    cwd: z.string().optional().describe('Working directory for the command'),
+    env: z.record(z.string(), z.string()).optional().describe('Environment variables to set for execution'),
+    initialEnv: z.record(z.string(), z.string()).optional().describe('Initial environment variables to set when creating the bash instance'),
+    files: z.record(z.string(), z.string()).optional().describe('Files to create before execution (path -> content)'),
+    rawScript: z.boolean().optional().describe('If true, skip normalizing the script (preserves leading whitespace). Useful for here-docs.')
+   }
+  },
+  async ({command, cwd, env, initialEnv, files, rawScript}: {command: string; cwd?: string; env?: Record<string, string>; initialEnv?: Record<string, string>; files?: Record<string, string>; rawScript?: boolean}) => {
+   try {
+    const bash = createBashInstance(files, undefined, initialEnv)
+    const result = await bash.exec(command, {cwd, env, rawScript})
+    return formatExecResult(result)
+   } catch (error) {
+    return classifyError(error, 'Execution error')
+   }
+  }
+ )
 
-	// ========================================================================
-	// bash_reset - Reset persistent environment
-	// ========================================================================
-	server.registerTool(
-		"bash_reset",
-		{
-			description: "Reset the persistent bash environment, clearing all files and state.",
-			inputSchema: {},
-		},
-		async () => {
-			resetPersistentBash();
-			return {
-				content: [
-					{
-						type: "text" as const,
-						text: "Persistent bash environment has been reset.",
-					},
-				],
-			};
-		},
-	);
+ // ========================================================================
+ // bash_exec_persistent - Persistent execution
+ // ========================================================================
+ server.registerTool(
+  'bash_exec_persistent',
+  {
+   description: 'Execute a bash command in a persistent sandboxed environment. The filesystem persists across calls, but env vars, functions, and cwd are reset each call.',
+   inputSchema: {
+    command: z.string().describe('The bash command to execute'),
+    cwd: z.string().optional().describe('Working directory for the command'),
+    env: z.record(z.string(), z.string()).optional().describe('Environment variables to set'),
+    rawScript: z.boolean().optional().describe('If true, skip normalizing the script (preserves leading whitespace). Useful for here-docs.')
+   }
+  },
+  async ({command, cwd, env, rawScript}: {command: string; cwd?: string; env?: Record<string, string>; rawScript?: boolean}) => {
+   try {
+    const bash = getPersistentBash()
+    const result = await bash.exec(command, {cwd, env, rawScript})
+    return formatExecResult(result)
+   } catch (error) {
+    return classifyError(error, 'Execution error')
+   }
+  }
+ )
+
+ // ========================================================================
+ // bash_reset - Reset persistent environment
+ // ========================================================================
+ server.registerTool('bash_reset', {description: 'Reset the persistent bash environment, clearing all files and state.', inputSchema: {}}, async () => {
+  resetPersistentBash()
+  return {content: [{type: 'text' as const, text: 'Persistent bash environment has been reset.'}]}
+ })
 }