log-llm-config-staging 1.3.97 → 1.3.99

package/dist/log_config_files/collection/claude_desktop_extensions_collector.js

@@ -19,6 +19,109 @@ function extensionsInstallationsPath(home) {
     const base = claudeAppSupportDir(home);
     return base ? join(base, 'extensions-installations.json') : '';
 }
+function claudeExtensionSettingsDir(home) {
+    const base = claudeAppSupportDir(home);
+    return base ? join(base, 'Claude Extensions Settings') : '';
+}
+/** Per-connector toggle: Claude Extensions Settings/<extension-id>.json → { isEnabled: boolean }. */
+function readClaudeDesktopExtensionEnableSettings(home) {
+    const settingsDir = claudeExtensionSettingsDir(home);
+    if (!settingsDir || !existsSync(settingsDir))
+        return new Map();
+    const out = new Map();
+    let entries;
+    try {
+        entries = readdirSync(settingsDir, { withFileTypes: true }).filter((d) => d.isFile());
+    }
+    catch {
+        return out;
+    }
+    for (const dirent of entries) {
+        if (!dirent.name.endsWith('.json'))
+            continue;
+        const extId = dirent.name.slice(0, -'.json'.length);
+        if (!extId)
+            continue;
+        const raw = readJSONFile(join(settingsDir, dirent.name));
+        if (!raw || typeof raw !== 'object')
+            continue;
+        const isEnabled = raw.isEnabled;
+        if (typeof isEnabled === 'boolean') {
+            out.set(extId, isEnabled);
+        }
+    }
+    return out;
+}
+function applyExtensionEnableSettingsToRawContent(rawContent, settings) {
+    if (settings.size === 0)
+        return 0;
+    const extensions = rawContent.extensions;
+    if (!extensions || typeof extensions !== 'object')
+        return 0;
+    let applied = 0;
+    for (const [extId, enabled] of settings) {
+        const ext = extensions[extId];
+        if (!ext || typeof ext !== 'object')
+            continue;
+        ext.isEnabled = enabled;
+        applied += 1;
+    }
+    return applied;
+}
+/**
+ * Upload each Claude Extensions Settings/*.json as its own config file (raw on-disk JSON).
+ * Do not merge isEnabled into extensions-installations.json — that mutates the payload
+ * vs the source file and creates spurious inventory audit diffs.
+ */
+function collectClaudeDesktopExtensionSettingsFiles(home = homedir()) {
+    const settingsDir = claudeExtensionSettingsDir(home);
+    if (!settingsDir || !existsSync(settingsDir))
+        return [];
+    let entries;
+    try {
+        entries = readdirSync(settingsDir, { withFileTypes: true }).filter((d) => d.isFile());
+    }
+    catch {
+        return [];
+    }
+    const results = [];
+    for (const dirent of entries) {
+        if (!dirent.name.endsWith('.json'))
+            continue;
+        const filePath = join(settingsDir, dirent.name);
+        const raw = readJSONFile(filePath);
+        if (!raw || typeof raw !== 'object')
+            continue;
+        results.push({
+            file_type: 'claude_extension_settings',
+            file_path: filePath,
+            raw_content: raw,
+        });
+    }
+    return results;
+}
+/**
+ * @deprecated Do not call during collection — mutates extensions-installations upload payloads.
+ * isEnabled is resolved server-side from claude_extension_settings uploads.
+ */
+function mergeClaudeDesktopExtensionEnableSettings(configFiles, home = homedir()) {
+    const settings = readClaudeDesktopExtensionEnableSettings(home);
+    if (settings.size === 0) {
+        return { applied: 0, settingsCount: 0 };
+    }
+    let applied = 0;
+    for (const entry of configFiles) {
+        if (entry.file_type !== 'claude_extensions_installations')
+            continue;
+        if (!entry.raw_content || typeof entry.raw_content !== 'object')
+            continue;
+        const extensions = entry.raw_content.extensions;
+        if (!extensions || typeof extensions !== 'object')
+            continue;
+        applied += applyExtensionEnableSettingsToRawContent(entry.raw_content, settings);
+    }
+    return { applied, settingsCount: settings.size };
+}
 function normalizePathForMatch(path) {
     return path.replace(/\\/g, '/');
 }
@@ -142,4 +245,4 @@ function collectClaudeDesktopExtensionManifests(home = homedir()) {
     }
     return results;
 }
-export { claudeAppSupportDir, claudeDesktopExtensionsDir, collectClaudeDesktopExtensionManifests, collectDiskOnlyClaudeDesktopExtensions, enrichClaudeDesktopExtensionsInstallationsUpload, };
+export { claudeAppSupportDir, claudeDesktopExtensionsDir, claudeExtensionSettingsDir, collectClaudeDesktopExtensionSettingsFiles, collectClaudeDesktopExtensionManifests, collectDiskOnlyClaudeDesktopExtensions, enrichClaudeDesktopExtensionsInstallationsUpload, mergeClaudeDesktopExtensionEnableSettings, readClaudeDesktopExtensionEnableSettings, };

package/dist/log_config_files/collection/config_collector.js

@@ -4,10 +4,51 @@ import { readJSONFile, readMCPConfig, readMarkdownFile, readInstalledExtensions
 import { getExtensionsCachePath, getExtensionsCacheInstalledSuffix, getVscdbPath } from '../paths/path_constants_helpers.js';
 import { resolvePatternToTargets, normalizePathSkipPrefixes } from '../paths/pattern_resolver.js';
 import { enrichRawFromRecipe } from './enrichment_helpers.js';
+import { applyCoworkSessionWhitelist } from './cowork_session_whitelist.js';
 import { collectDirectoryEntries, collectDirectoryMetadata } from './directory_collector.js';
 import { collectVscdbEntries } from '../readers/vscdb_config_builder.js';
 import { pushDerivedFilesFromRecipe } from './openclaw_helpers.js';
 import { collapseMetadataByFileType } from './metadata_merge.js';
+function withOpencodeEnvPatterns(patterns) {
+    const out = [...patterns];
+    const seen = new Set(out.map((p) => `${p.type}:${p.file_type}:${p.path}`));
+    const add = (pattern) => {
+        const key = `${pattern.type}:${pattern.file_type}:${pattern.path}`;
+        if (seen.has(key))
+            return;
+        seen.add(key);
+        out.push(pattern);
+    };
+    const envConfig = (process.env.OPENCODE_CONFIG || '').trim();
+    if (envConfig) {
+        add({
+            path: envConfig,
+            type: 'file',
+            file_type: 'opencode_mcp',
+            content_format: 'json',
+        });
+    }
+    const envDirRaw = (process.env.OPENCODE_CONFIG_DIR || '').trim();
+    if (!envDirRaw)
+        return out;
+    const envDir = envDirRaw.replace(/[\\/]+$/, '');
+    add({ path: `${envDir}/opencode.json`, type: 'file', file_type: 'opencode_mcp', content_format: 'json' });
+    add({ path: `${envDir}/opencode.jsonc`, type: 'file', file_type: 'opencode_mcp', content_format: 'json' });
+    add({ path: `${envDir}/command-hooks.json`, type: 'file', file_type: 'opencode_command_hooks', content_format: 'json' });
+    add({ path: `${envDir}/command-hooks.jsonc`, type: 'file', file_type: 'opencode_command_hooks', content_format: 'json' });
+    add({ path: `${envDir}/AGENTS.md`, type: 'file', file_type: 'opencode_rule', content_format: 'markdown' });
+    add({ path: `${envDir}/agents/`, type: 'dir', file_type: 'opencode_subagent', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/commands/`, type: 'dir', file_type: 'opencode_command', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/skills/`, type: 'dir', file_type: 'opencode_skill', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/mcp-auth.json`, type: 'file', file_type: 'opencode_mcp_auth', content_format: 'json' });
+    add({ path: `${envDir}/managed.json`, type: 'file', file_type: 'opencode_managed_preference', content_format: 'json' });
+    add({ path: `${envDir}/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    add({ path: `${envDir}/plugins/`, type: 'dir', file_type: 'opencode_plugin', content_format: 'text', dir_glob: '*' });
+    add({ path: `${envDir}/plugin/`, type: 'dir', file_type: 'opencode_plugin', content_format: 'text', dir_glob: '*' });
+    add({ path: `${envDir}/plugins/*/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    add({ path: `${envDir}/plugin/*/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    return out;
+}
 function buildCollectionContext(patterns, projectRoot, home, homeRecurseSkipDirs = [], absolutePathPrefixes = [], mcpToolGlobSpec = null, clientPathConstants = null, pathResolutionSpecs = null) {
     const seenPaths = new Set();
     const targets = [];
@@ -69,6 +110,16 @@ function collectRegularFileEntry(t, enrichByFileType) {
     const recipe = enrichByFileType[t.file_type];
     if (recipe)
         enrichRawFromRecipe(raw, recipe);
+    // Cowork session metadata: reduce to the PII whitelist (hash identity, drop
+    // server URLs, keep only the activity-signal keys) BEFORE it leaves the
+    // device. Drop the entry entirely if nothing whitelisted survives so raw
+    // session content can never be emitted (e.g. on a JSON parse failure).
+    if (t.file_type === 'cowork_session_metadata') {
+        const filtered = applyCoworkSessionWhitelist(raw);
+        if (filtered === null)
+            return null;
+        raw = filtered;
+    }
     return { file_type: t.file_type, file_path: t.logicalFilePath ?? t.path, raw_content: raw };
 }
 function collectMetadataEntry(t) {
@@ -99,7 +150,8 @@ function collectConfigFilesFromPatterns(patterns, projectRoot, onProgress, optio
     const vscdbPath = getVscdbPath(home, pathConstants);
     const extensionsCachePath = getExtensionsCachePath(home, pathConstants);
     const extensionsInstalledSuffix = getExtensionsCacheInstalledSuffix(pathConstants);
-    const { targets, enrichByFileType, metadataOnlyFileTypes } = buildCollectionContext(patterns, projectRoot, home, options?.home_recurse_skip_dirs ?? [], options?.absolute_path_prefixes ?? [], options?.mcp_tool_glob_spec ?? null, pathConstants, options?.path_resolution_specs ?? null);
+    const effectivePatterns = withOpencodeEnvPatterns(patterns);
+    const { targets, enrichByFileType, metadataOnlyFileTypes } = buildCollectionContext(effectivePatterns, projectRoot, home, options?.home_recurse_skip_dirs ?? [], options?.absolute_path_prefixes ?? [], options?.mcp_tool_glob_spec ?? null, pathConstants, options?.path_resolution_specs ?? null);
     const configFiles = [];
     const handledSpecialPaths = new Set();
     const loggedFileTypes = new Set();
@@ -156,7 +208,7 @@ export { collectConfigFilesFromPatterns };
 export { collectMcpToolFiles } from './mcp_tool_collector.js';
 export { collectConfigFilesFromInstalledPlugins, collectPluginCacheMcpFiles } from './plugin_collector.js';
 export { collectMcpFromClaudeJsonProjects } from './claude_known_projects_collector.js';
-export { collectClaudeDesktopExtensionManifests, enrichClaudeDesktopExtensionsInstallationsUpload, } from './claude_desktop_extensions_collector.js';
+export { collectClaudeDesktopExtensionManifests, collectClaudeDesktopExtensionSettingsFiles, enrichClaudeDesktopExtensionsInstallationsUpload, mergeClaudeDesktopExtensionEnableSettings, } from './claude_desktop_extensions_collector.js';
 export { collectCursorProjectWorkspaceMcpConfigs } from './cursor_project_mcp_collector.js';
 export { determineFileTypeFromPath } from './file_type_rules.js';
 export { enrichRawFromRecipe } from './enrichment_helpers.js';

package/dist/log_config_files/collection/cowork_session_whitelist.js

@@ -0,0 +1,89 @@
+/**
+ * PII boundary for Cowork session metadata (`local_<sessionId>.json`).
+ *
+ * Each Cowork session file carries ~47 KB of system prompt plus the user's
+ * conversation seed, selected folders, etc. We only need a small activity
+ * signal (which MCP servers were connected, recency, archived state). This
+ * reduces a parsed session object to a whitelist of top-level keys BEFORE it
+ * leaves the device — minimum-egress, matching DeepSecurityAndPrivacyEnhancer.
+ *
+ *   - Only the keys in ALLOWED_KEYS survive; everything else is dropped.
+ *   - `accountName` / `emailAddress` are sha256-hashed (cross-session joins
+ *     without storing raw identity).
+ *   - `remoteMcpServersConfig[]` keeps `{name, uuid, tools}` only; `url` is
+ *     dropped (remote-MCP endpoint URLs can embed workspace ids / tokens).
+ *
+ * The sibling `local_<sessionId>/` directory (audit.jsonl, outputs/, uploads/)
+ * is never collected — see the collection glob in agents/cowork.py. Server-side
+ * ingest re-validates the shape and rejects any denied key as defense in depth.
+ *
+ * See design_notes/Phase0_5CoworkActivityEvidence.md.
+ */
+import crypto from 'node:crypto';
+export const COWORK_SESSION_ALLOWED_KEYS = [
+    'sessionId',
+    'accountName', // hashed
+    'emailAddress', // hashed
+    'model',
+    'createdAt',
+    'lastActivityAt',
+    'isArchived',
+    'pluginsEnabled',
+    'skillsEnabled',
+    'memoryEnabled',
+    'hostLoopMode',
+    'cwd',
+    'enabledMcpTools', // dict "<serverUUID>:<tool>" -> bool
+    'remoteMcpServersConfig', // list of {name, uuid, tools} (url dropped)
+];
+const HASHED_KEYS = new Set(['accountName', 'emailAddress']);
+const REMOTE_SERVER_KEEP = ['name', 'uuid', 'tools'];
+function sha256Hex(value) {
+    return crypto.createHash('sha256').update(String(value)).digest('hex');
+}
+function sanitizeRemoteServers(value) {
+    if (!Array.isArray(value))
+        return [];
+    const out = [];
+    for (const entry of value) {
+        // Drop any non-object entry: a malformed/tampered remoteMcpServersConfig
+        // could carry a raw string (e.g. "https://…?token=…") that would otherwise
+        // survive the whitelist. Only keep whitelisted keys of well-formed objects.
+        if (entry === null || typeof entry !== 'object' || Array.isArray(entry))
+            continue;
+        const e = entry;
+        const kept = {};
+        for (const k of REMOTE_SERVER_KEEP) {
+            if (k in e)
+                kept[k] = e[k];
+        }
+        out.push(kept);
+    }
+    return out;
+}
+/**
+ * Reduce a parsed Cowork session object to the whitelisted, hashed shape.
+ * Returns `null` when nothing survives (e.g. a non-object or a file that
+ * failed to parse to the expected shape) so the caller can drop the entry
+ * rather than emit an empty row — and, critically, never emit raw content.
+ */
+export function applyCoworkSessionWhitelist(raw) {
+    if (raw === null || raw === undefined || typeof raw !== 'object')
+        return null;
+    const out = {};
+    for (const key of COWORK_SESSION_ALLOWED_KEYS) {
+        if (!(key in raw))
+            continue;
+        if (HASHED_KEYS.has(key)) {
+            const v = raw[key];
+            out[key] = v === null || v === undefined || v === '' ? '' : sha256Hex(v);
+        }
+        else if (key === 'remoteMcpServersConfig') {
+            out[key] = sanitizeRemoteServers(raw[key]);
+        }
+        else {
+            out[key] = raw[key];
+        }
+    }
+    return Object.keys(out).length > 0 ? out : null;
+}

package/dist/log_config_files/collection/cursor_project_mcp_collector.js

@@ -105,10 +105,45 @@ function isEphemeralCursorProjectDir(name) {
 function isInternalCursorWorkspaceSlug(slug) {
     return normalizeSlugPart(slug) === 'empty-window';
 }
+function readMcpToolCache(projectPath) {
+    const cachePath = join(projectPath, 'mcp-cache.json');
+    if (!existsSync(cachePath))
+        return null;
+    const cache = readJSONFile(cachePath);
+    if (cache && typeof cache === 'object' && !Array.isArray(cache)) {
+        return cache;
+    }
+    return null;
+}
+/** Tool schemas from mcp-cache.json for a connected mcps/ server (never creates inventory rows). */
+function cursorMcpCacheToolsForServer(cache, label, serverDirName) {
+    if (!cache)
+        return undefined;
+    const aliases = new Set();
+    const addAlias = (s) => {
+        const t = s.trim();
+        if (t)
+            aliases.add(t.toLowerCase());
+    };
+    addAlias(label);
+    addAlias(serverDirName);
+    if (serverDirName.startsWith('user-'))
+        addAlias(serverDirName.slice('user-'.length));
+    else
+        addAlias(`user-${label}`);
+    for (const [key, val] of Object.entries(cache)) {
+        if (!key.trim() || !aliases.has(key.trim().toLowerCase()))
+            continue;
+        if (val && typeof val === 'object' && Array.isArray(val.tools)) {
+            return val.tools;
+        }
+    }
+    return undefined;
+}
 /**
  * Cursor stores per-workspace MCP state under ~/.cursor/projects/<slug>/ (mcp-cache.json, mcps/*).
  * This is not the repo file at <repo>/.cursor/mcp.json. Upload one mcp_config per slug with
- * normalized mcpServers for inventory plus cursor_workspace metadata for scope display.
+ * mcpServers from mcps/ only; mcp-cache.json supplies supplementary tool schemas when names match.
  */
 function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constants, workspaceVscdbSpec, home = homedir()) {
     const skipPrefixes = normalizePathSkipPrefixes(pathSkipPrefixes);
@@ -136,18 +171,7 @@ function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constant
             continue;
         const mcpServers = {};
         const cachePath = join(projectPath, 'mcp-cache.json');
-        if (existsSync(cachePath)) {
-            const cache = readJSONFile(cachePath);
-            if (cache && typeof cache === 'object' && !Array.isArray(cache)) {
-                for (const [name, val] of Object.entries(cache)) {
-                    if (!name.trim())
-                        continue;
-                    if (val && typeof val === 'object' && Array.isArray(val.tools)) {
-                        mcpServers[name] = { cursor_source: 'mcp-cache.json' };
-                    }
-                }
-            }
-        }
+        const mcpToolCache = readMcpToolCache(projectPath);
         const mcpsPath = join(projectPath, 'mcps');
         if (existsSync(mcpsPath)) {
             try {
@@ -158,12 +182,17 @@ function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constant
                     const label = mcpServerLabelFromMcpsDir(serverDir.name, metaObj);
                     if (!label)
                         continue;
-                    if (!(label in mcpServers)) {
-                        mcpServers[label] = {
-                            cursor_source: 'mcps',
-                            server_identifier: serverDir.name,
-                        };
+                    if (label in mcpServers)
+                        continue;
+                    const entry = {
+                        cursor_source: 'mcps',
+                        server_identifier: serverDir.name,
+                    };
+                    const cacheTools = cursorMcpCacheToolsForServer(mcpToolCache, label, serverDir.name);
+                    if (cacheTools !== undefined) {
+                        entry.cursor_mcp_cache_tools = cacheTools;
                     }
+                    mcpServers[label] = entry;
                 }
             }
             catch {

package/dist/log_config_files/paths/pattern_resolver.js

@@ -25,7 +25,9 @@ function expandRecursiveGlobPathPattern(pathPattern, fileType, home, contentForm
         return [];
     }
     const targets = [];
-    const parts = after.split('/');
+    const parts = after.split('/').filter((s) => s.length > 0);
+    if (parts.length === 0)
+        return [];
     const dirName = parts[0];
     const fileName = parts.length > 1 ? parts[parts.length - 1] : null;
     const skipSet = homeRecurseSkipDirs.length ? new Set(homeRecurseSkipDirs) : new Set();
@@ -41,8 +43,21 @@ function expandRecursiveGlobPathPattern(pathPattern, fileType, home, contentForm
                     continue;
                 if (entry.name === dirName) {
                     const filePath = parts.length === 1 ? full : join(full, ...parts.slice(1));
-                    if (fileName && existsSync(filePath))
+                    if (parts.length === 1) {
+                        // e.g. ~/.cursor/plugins/cache/**/skills/ — collect each matched skills/ tree as a directory target
+                        if (existsSync(filePath)) {
+                            targets.push({
+                                path: filePath,
+                                file_type: fileType,
+                                isDirectory: true,
+                                content_format: contentFormat,
+                                dir_glob: dirGlob,
+                            });
+                        }
+                    }
+                    else if (fileName && existsSync(filePath)) {
                         targets.push({ path: filePath, file_type: fileType, content_format: contentFormat });
+                    }
                 }
                 walk(full, depth + 1, false);
             }
@@ -54,24 +69,18 @@ function expandRecursiveGlobPathPattern(pathPattern, fileType, home, contentForm
 }
 function expandGlobPathPattern(pathPattern, fileType, home, projectRoot, contentFormat, dirGlob, absolutePathPrefixes = []) {
     const norm = pathPattern.replace(/\\/g, '/');
-    const targets = [];
-    const asteriskIndex = norm.indexOf('*');
-    if (asteriskIndex === -1)
-        return targets;
+    if (!norm.includes('*'))
+        return [];
+    // `**` is the recursive-glob sigil handled by expandRecursiveGlobPathPattern.
+    if (norm.includes('**'))
+        return [];
     const isDir = norm.endsWith('/');
-    const [before, after] = norm.split('*');
-    const afterNorm = after.replace(/^\/+/, '');
-    // If `before` doesn't end with '/', the * is mid-segment (e.g. "extensions/saoudrizwan.claude-dev*/" →
-    // parent="extensions/", namePrefix="saoudrizwan.claude-dev"). Split on last '/' to get the real base dir.
-    let parentPart = before.replace(/\/+$/, '');
-    let namePrefix = '';
-    if (!before.endsWith('/')) {
-        const lastSlash = parentPart.lastIndexOf('/');
-        if (lastSlash !== -1) {
-            namePrefix = parentPart.slice(lastSlash + 1);
-            parentPart = parentPart.slice(0, lastSlash);
-        }
-    }
+    // Resolve the literal prefix that ends before the first wildcard segment.
+    const firstStarIndex = norm.indexOf('*');
+    const lastSlashBeforeStar = norm.lastIndexOf('/', firstStarIndex);
+    if (lastSlashBeforeStar === -1)
+        return [];
+    const parentPart = norm.slice(0, lastSlashBeforeStar);
     let basePath;
     if (parentPart.startsWith('~/')) {
         basePath = join(home, parentPart.slice(2));
@@ -83,20 +92,61 @@ function expandGlobPathPattern(pathPattern, fileType, home, projectRoot, content
         basePath = join(projectRoot, parentPart.startsWith('/') ? parentPart.slice(1) : parentPart);
     }
     if (!existsSync(basePath))
-        return targets;
-    try {
-        for (const entry of readdirSync(basePath, { withFileTypes: true })) {
-            if (!entry.isDirectory())
-                continue;
-            if (namePrefix && !entry.name.startsWith(namePrefix))
-                continue;
-            const resolvedPath = join(basePath, entry.name, afterNorm);
-            if (!existsSync(resolvedPath))
-                continue;
-            targets.push({ path: resolvedPath, file_type: fileType, isDirectory: isDir, dir_glob: dirGlob, content_format: contentFormat });
+        return [];
+    // Walk remaining segments. Each segment may be a bare wildcard '*' (matches
+    // any single directory), a prefix/suffix wildcard like 'foo*' or 'foo*bar',
+    // or a literal name. Recursion correctly handles multi-wildcard patterns
+    // such as ``*/*/cowork_plugins/marketplaces/*/.claude-plugin/marketplace.json``
+    // — the prior single-split implementation only expanded the first wildcard
+    // and silently pushed a partial directory path as the target, which then
+    // surfaced as EISDIR when downstream collectors tried to read it as a file.
+    const remaining = norm.slice(lastSlashBeforeStar + 1);
+    const segments = remaining.split('/').filter((s) => s !== '');
+    const targets = [];
+    function recurse(currentPath, segIdx) {
+        if (segIdx === segments.length) {
+            if (!existsSync(currentPath))
+                return;
+            targets.push({ path: currentPath, file_type: fileType, isDirectory: isDir, dir_glob: dirGlob, content_format: contentFormat });
+            return;
+        }
+        const seg = segments[segIdx];
+        if (seg === '*') {
+            if (!existsSync(currentPath))
+                return;
+            try {
+                for (const entry of readdirSync(currentPath, { withFileTypes: true })) {
+                    if (!entry.isDirectory())
+                        continue;
+                    recurse(join(currentPath, entry.name), segIdx + 1);
+                }
+            }
+            catch { /* ignore read errors */ }
+        }
+        else if (seg.includes('*')) {
+            const wildcardIdx = seg.indexOf('*');
+            const prefix = seg.slice(0, wildcardIdx);
+            const suffix = seg.slice(wildcardIdx + 1);
+            if (!existsSync(currentPath))
+                return;
+            try {
+                for (const entry of readdirSync(currentPath, { withFileTypes: true })) {
+                    if (!entry.isDirectory())
+                        continue;
+                    if (prefix && !entry.name.startsWith(prefix))
+                        continue;
+                    if (suffix && !entry.name.endsWith(suffix))
+                        continue;
+                    recurse(join(currentPath, entry.name), segIdx + 1);
+                }
+            }
+            catch { /* ignore read errors */ }
+        }
+        else {
+            recurse(join(currentPath, seg), segIdx + 1);
         }
     }
-    catch { /* ignore read errors */ }
+    recurse(basePath, 0);
     return targets;
 }
 /**

package/dist/log_config_files/readers/file_readers.js

@@ -1,10 +1,120 @@
 import { existsSync, readFileSync } from 'node:fs';
+function stripJsoncComments(input) {
+    let out = '';
+    let inString = false;
+    let quote = '';
+    let escaped = false;
+    let inLineComment = false;
+    let inBlockComment = false;
+    for (let i = 0; i < input.length; i += 1) {
+        const ch = input[i];
+        const next = i + 1 < input.length ? input[i + 1] : '';
+        if (inLineComment) {
+            if (ch === '\n') {
+                inLineComment = false;
+                out += ch;
+            }
+            continue;
+        }
+        if (inBlockComment) {
+            if (ch === '*' && next === '/') {
+                inBlockComment = false;
+                i += 1;
+            }
+            continue;
+        }
+        if (inString) {
+            out += ch;
+            if (escaped) {
+                escaped = false;
+            }
+            else if (ch === '\\') {
+                escaped = true;
+            }
+            else if (ch === quote) {
+                inString = false;
+                quote = '';
+            }
+            continue;
+        }
+        if (ch === '"' || ch === "'") {
+            inString = true;
+            quote = ch;
+            out += ch;
+            continue;
+        }
+        if (ch === '/' && next === '/') {
+            inLineComment = true;
+            i += 1;
+            continue;
+        }
+        if (ch === '/' && next === '*') {
+            inBlockComment = true;
+            i += 1;
+            continue;
+        }
+        out += ch;
+    }
+    return out;
+}
+function stripTrailingCommas(input) {
+    let out = '';
+    let inString = false;
+    let quote = '';
+    let escaped = false;
+    for (let i = 0; i < input.length; i += 1) {
+        const ch = input[i];
+        if (inString) {
+            out += ch;
+            if (escaped) {
+                escaped = false;
+            }
+            else if (ch === '\\') {
+                escaped = true;
+            }
+            else if (ch === quote) {
+                inString = false;
+                quote = '';
+            }
+            continue;
+        }
+        if (ch === '"' || ch === "'") {
+            inString = true;
+            quote = ch;
+            out += ch;
+            continue;
+        }
+        if (ch === ',') {
+            let j = i + 1;
+            while (j < input.length && /\s/.test(input[j]))
+                j += 1;
+            if (j < input.length && (input[j] === '}' || input[j] === ']'))
+                continue;
+        }
+        out += ch;
+    }
+    return out;
+}
+function parseJsonWithJsoncFallback(raw) {
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        try {
+            const sanitized = stripTrailingCommas(stripJsoncComments(raw));
+            return JSON.parse(sanitized);
+        }
+        catch {
+            return null;
+        }
+    }
+}
 /** Read and parse an MCP config file. Returns null on any error. */
 function readMCPConfig(filePath) {
     try {
         if (!existsSync(filePath))
             return null;
-        return JSON.parse(readFileSync(filePath, 'utf-8'));
+        return parseJsonWithJsoncFallback(readFileSync(filePath, 'utf-8'));
     }
     catch (error) {
         console.error(`Error reading ${filePath}:`, error instanceof Error ? error.message : String(error));
@@ -16,7 +126,7 @@ function readJSONFile(filePath) {
     try {
         if (!existsSync(filePath))
             return null;
-        return JSON.parse(readFileSync(filePath, 'utf-8'));
+        return parseJsonWithJsoncFallback(readFileSync(filePath, 'utf-8'));
     }
     catch (error) {
         if (error.code === 'EACCES' || error.code === 'EPERM') {

package/dist/log_config_files/runtime/main_runner.js

@@ -13,7 +13,7 @@ import { ensureAuthentication } from '../auth/auth_flow.js';
 import { readJSONFile, readMarkdownFile } from '../readers/file_readers.js';
 import { isVscdbVirtualPath, tryReadVscdbVirtualFile, summarizeComposerPayloadForDiagnostics, } from '../readers/vscdb_config_builder.js';
 import { persistVscdbComposerContractFromPatternsResponse } from '../readers/vscdb_reader.js';
-import { collectConfigFilesFromPatterns, collectMcpToolFiles, collectConfigFilesFromInstalledPlugins, collectPluginCacheMcpFiles, collectMcpFromClaudeJsonProjects, collectClaudeDesktopExtensionManifests, enrichClaudeDesktopExtensionsInstallationsUpload, determineFileTypeFromPath, } from '../collection/config_collector.js';
+import { collectConfigFilesFromPatterns, collectMcpToolFiles, collectConfigFilesFromInstalledPlugins, collectPluginCacheMcpFiles, collectMcpFromClaudeJsonProjects, collectClaudeDesktopExtensionManifests, collectClaudeDesktopExtensionSettingsFiles, enrichClaudeDesktopExtensionsInstallationsUpload, determineFileTypeFromPath, } from '../collection/config_collector.js';
 import { collectWorkspaceVscdbs } from '../collection/mcp_tool_collector.js';
 import { collectCursorProjectWorkspaceMcpConfigs } from '../collection/cursor_project_mcp_collector.js';
 import { normalizePathSkipPrefixes } from '../paths/pattern_resolver.js';
@@ -98,6 +98,13 @@ async function collectAllConfigFiles(endpointBase) {
     hookRunLog(`merging disk-only Claude Desktop extensions into extensions-installations.json`);
     const diskExtMerge = enrichClaudeDesktopExtensionsInstallationsUpload(configFiles, HOME_DIR);
     hookRunLog(`claude desktop extensions: merged=${diskExtMerge.mergedCount} had_registry_upload=${diskExtMerge.hadRegistryUpload}`);
+    for (const entry of collectClaudeDesktopExtensionSettingsFiles(HOME_DIR)) {
+        const key = `${entry.file_type}\t${entry.file_path}`;
+        if (!existingPaths.has(key)) {
+            existingPaths.add(key);
+            configFiles.push(entry);
+        }
+    }
     if (!diskExtMerge.hadRegistryUpload && diskExtMerge.mergedCount > 0) {
         hookRunLog(`scanning Claude Desktop extension manifests on disk (no registry upload in batch)`);
         for (const entry of collectClaudeDesktopExtensionManifests(HOME_DIR)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "log-llm-config-staging",
-  "version": "1.3.97",
+  "version": "1.3.99",
   "description": "CLI helpers for logging hardware UUIDs and posting startup payloads to Optimus Security.",
   "type": "module",
   "bin": {