log-llm-config 1.3.97 → 1.4.8

package/dist/apply_deferred_vscdb.js

@@ -1,9 +1,38 @@
 #!/usr/bin/env node
-/**
- * Runs after Cursor SIGKILL: applies queued state.vscdb patches from
- * ~/opt-ai-sec/management/optimus_deferred_vscdb_apply.json (see remediation_sync).
- */
+// Runs after Cursor SIGKILL: applies queued state.vscdb patches, then immediately runs
+// post-restart verification so the server gets `verified` without waiting for the next prompt.
 import { applyDeferredVscdbFromDisk } from './log_config_files/runtime/remediation_sync.js';
+import { runPostApplyVerification } from './log_config_files/runtime/compliance_check.js';
+import { hookRunLog } from './log_config_files/runtime/hook_logger.js';
+import { finalizeAndUploadComplianceSessionLog, setActiveComplianceLogPath, } from './log_config_files/runtime/compliance_session_log.js';
+const complianceLogPath = process.env.OPTIMUS_COMPLIANCE_LOG?.trim() || null;
+if (complianceLogPath) {
+    setActiveComplianceLogPath(complianceLogPath);
+}
 applyDeferredVscdbFromDisk()
-    .then((ok) => process.exit(ok ? 0 : 1))
+    .then(async (ok) => {
+    if (ok) {
+        try {
+            const outcomes = await runPostApplyVerification();
+            if (outcomes.length > 0) {
+                hookRunLog(`apply_deferred_vscdb: post_apply_verification count=${outcomes.length} ` +
+                    `verified=${outcomes.filter((o) => o.status === 'verified').length}`);
+            }
+            if (complianceLogPath) {
+                await finalizeAndUploadComplianceSessionLog(complianceLogPath);
+            }
+        }
+        catch (e) {
+            hookRunLog(`apply_deferred_vscdb: post_apply_verification error: ${e instanceof Error ? e.message : String(e)}`);
+            if (complianceLogPath) {
+                await finalizeAndUploadComplianceSessionLog(complianceLogPath, 'error');
+            }
+        }
+    }
+    else if (complianceLogPath) {
+        hookRunLog('apply_deferred_vscdb: apply failed');
+        await finalizeAndUploadComplianceSessionLog(complianceLogPath, 'error');
+    }
+    process.exit(ok ? 0 : 1);
+})
     .catch(() => process.exit(1));

package/dist/compliance_check_runner.js

@@ -1,8 +1,29 @@
 #!/usr/bin/env node
 import { complianceRunnerRunnerLine, hookLogAppendSection } from './log_config_files/runtime/hook_logger.js';
 import { runComplianceCheck } from './log_config_files/runtime/compliance_check.js';
+import { finalizeAndUploadComplianceSessionLog, initComplianceSessionForRunner, isFinalizeComplianceSessionArgv, isInflightComplianceLogPath, parseComplianceLogArg, resolveComplianceSessionLogPath, } from './log_config_files/runtime/compliance_session_log.js';
+import { existsSync } from 'node:fs';
 (async () => {
-    hookLogAppendSection('compliance_check_runner (background sync + check)');
+    let complianceLogPath = parseComplianceLogArg(process.argv);
+    if (isFinalizeComplianceSessionArgv(process.argv)) {
+        if (complianceLogPath) {
+            await finalizeAndUploadComplianceSessionLog(complianceLogPath);
+        }
+        process.exit(0);
+    }
+    if (complianceLogPath) {
+        const resolved = resolveComplianceSessionLogPath(complianceLogPath);
+        if (existsSync(resolved) && isInflightComplianceLogPath(resolved)) {
+            complianceLogPath = initComplianceSessionForRunner(resolved);
+        }
+        else {
+            // Gate may have finalized+moved the session before this background runner started.
+            complianceLogPath = null;
+        }
+    }
+    else {
+        hookLogAppendSection('compliance_check_runner (background sync + check)');
+    }
     complianceRunnerRunnerLine('compliance_check_runner: start');
     try {
         await runComplianceCheck();
@@ -13,6 +34,12 @@ import { runComplianceCheck } from './log_config_files/runtime/compliance_check.
         complianceRunnerRunnerLine(`compliance_check_runner: uncaught error — ${err instanceof Error ? err.message : String(err)}`);
         complianceRunnerRunnerLine(`compliance_check_runner: stack_or_detail ${detail.slice(0, 4000)}`);
         process.stderr.write(`compliance_check_runner error: ${err instanceof Error ? err.message : String(err)}\n`);
+        if (complianceLogPath) {
+            await finalizeAndUploadComplianceSessionLog(complianceLogPath, 'error');
+        }
         process.exit(1);
     }
+    if (complianceLogPath) {
+        await finalizeAndUploadComplianceSessionLog(complianceLogPath);
+    }
 })();

package/dist/compliance_prompt_gate.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 /**
  * Synchronous pre-prompt gate: local compliance only (stdout = single JSON line for IDE hooks).
- * stderr must stay clean; logs go via hookRunLog (file).
+ * stderr must stay clean; logs go via hookRunLog (compliance session file when --compliance-log is set).
  *
  * When autofix returns restart_commands, this process does not spawn them — the shell hook pipes
  * the same JSON line to execute_trusted_restarts (TS allowlist + spawn).
@@ -11,6 +11,7 @@ import { isRemediationQuarantined } from './log_config_files/runtime/remediation
 import { existsSync, readFileSync, statSync } from 'node:fs';
 import { getRemediationInstructionsPath } from './log_config_files/runtime/management_storage.js';
 import { hookLogSessionBanner, hookRunLog, logRemediationApplyFailure } from './log_config_files/runtime/hook_logger.js';
+import { finalizeAndUploadComplianceSessionLog, initComplianceSessionForGate, parseComplianceLogArg, } from './log_config_files/runtime/compliance_session_log.js';
 import { isThisCliModule } from './cli_invocation_match.js';
 import { ensureAuthentication } from './log_config_files/auth/auth_flow.js';
 import { sendConfigFile } from './log_config_files/sender/batch_sender.js';
@@ -19,6 +20,17 @@ import { syncRemediations } from './log_config_files/runtime/remediation_sync.js
 import { loadEndpointBase } from './log_config_files/sender/endpoint_config.js';
 import { formatRemediationChangePreviewForApplied } from './remediation_change_preview.js';
 const MANIFEST_STALE_MS = 7 * 24 * 60 * 60 * 1000;
+/** After verified (or failed verify), push enforcement + session log immediately — do not wait for background runner. */
+async function flushRemediationOutcomeToServer(complianceLogPath) {
+    if (!complianceLogPath)
+        return;
+    try {
+        await finalizeAndUploadComplianceSessionLog(complianceLogPath);
+    }
+    catch (err) {
+        hookRunLog(`compliance_prompt_gate: session finalize/upload failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
 function parseIde() {
     const eq = process.argv.find((a) => a.startsWith('--ide='));
     if (eq) {
@@ -164,10 +176,23 @@ export async function runCompliancePromptGateCli() {
 export async function runCompliancePromptGate() {
     const ide = parseIde();
     const agent = parseAgent(ide);
-    hookLogSessionBanner('compliance_prompt_gate (before submit)');
-    // Sync before checking so server-side changes (enforce/unenforce) propagate on every prompt
-    // without waiting for the background runner. Race against a 3 s timeout so a slow or
-    // unavailable server never delays the gate significantly.
+    let complianceLogPath = parseComplianceLogArg(process.argv);
+    if (complianceLogPath) {
+        complianceLogPath = initComplianceSessionForGate(complianceLogPath);
+    }
+    else {
+        hookLogSessionBanner('compliance_prompt_gate (before submit)');
+    }
+    let status = runLocalRemediationComplianceCheck(agent);
+    // Post-restart verify + server reports BEFORE sync so a manifest UUID swap cannot delay
+    // verified / activity-log until the following prompt.
+    const postRestartVerify = reportPostRestartVerificationOutcomes(status.violations);
+    if (postRestartVerify.outcomes.length > 0) {
+        await Promise.allSettled(postRestartVerify.reportPromises);
+        await flushRemediationOutcomeToServer(complianceLogPath);
+        hookRunLog(`compliance_prompt_gate: post_restart_verification count=${postRestartVerify.outcomes.length} quarantined=${postRestartVerify.outcomes.filter((o) => o.status === 'quarantined').length}`);
+        status = runLocalRemediationComplianceCheck(agent);
+    }
     const hw = tryResolveHardwareUuid();
     if (hw) {
         try {
@@ -180,13 +205,7 @@ export async function runCompliancePromptGate() {
             // Network or auth failure — fall back to local file state.
         }
     }
-    const status = runLocalRemediationComplianceCheck(agent);
-    // Always process pending post-restart rows (even when compliance is ok — apply may have stuck).
-    const postRestartVerify = reportPostRestartVerificationOutcomes(status.violations);
-    if (postRestartVerify.outcomes.length > 0) {
-        await Promise.allSettled(postRestartVerify.reportPromises);
-        hookRunLog(`compliance_prompt_gate: post_restart_verification count=${postRestartVerify.outcomes.length} quarantined=${postRestartVerify.outcomes.filter((o) => o.status === 'quarantined').length}`);
-    }
+    status = runLocalRemediationComplianceCheck(agent);
     // Secondary-satisfied: primary checks failed but settings.json (or equiv) has the fix.
     // Upload those files fire-and-forget so the backend can resolve the finding immediately.
     for (const e of status.secondarySatisfied ?? []) {
@@ -255,6 +274,7 @@ export async function runCompliancePromptGate() {
                 if (immediateVerified) {
                     confirmAppliedAutofixVerified(appliedViolations, reportPromises);
                     await Promise.allSettled(reportPromises);
+                    await flushRemediationOutcomeToServer(complianceLogPath);
                 }
                 const changePreview = formatRemediationChangePreviewForApplied(appliedViolations);
                 const changePreviewSuffix = changePreview ? `\n\n${changePreview}` : '';

package/dist/execute_trusted_restarts.js

@@ -7,9 +7,14 @@
 import { readFileSync } from 'node:fs';
 import { isThisCliModule } from './cli_invocation_match.js';
 import { appendComplianceRunnerLine, hookRunLog } from './log_config_files/runtime/hook_logger.js';
+import { setActiveComplianceLogPath } from './log_config_files/runtime/compliance_session_log.js';
 import { executeTrustedRestartCommands } from './log_config_files/runtime/trusted_restarts.js';
 /** Invoked by dist entrypoint or by `npx log-llm-config@latest execute-trusted-restarts` (cli.js dispatches here). */
 export function runExecuteTrustedRestartsFromStdin() {
+    const complianceLogPath = process.env.OPTIMUS_COMPLIANCE_LOG?.trim();
+    if (complianceLogPath) {
+        setActiveComplianceLogPath(complianceLogPath);
+    }
     let raw;
     try {
         raw = readFileSync(0, 'utf8');

package/dist/log_config_files/collection/claude_desktop_extensions_collector.js

@@ -19,6 +19,109 @@ function extensionsInstallationsPath(home) {
     const base = claudeAppSupportDir(home);
     return base ? join(base, 'extensions-installations.json') : '';
 }
+function claudeExtensionSettingsDir(home) {
+    const base = claudeAppSupportDir(home);
+    return base ? join(base, 'Claude Extensions Settings') : '';
+}
+/** Per-connector toggle: Claude Extensions Settings/<extension-id>.json → { isEnabled: boolean }. */
+function readClaudeDesktopExtensionEnableSettings(home) {
+    const settingsDir = claudeExtensionSettingsDir(home);
+    if (!settingsDir || !existsSync(settingsDir))
+        return new Map();
+    const out = new Map();
+    let entries;
+    try {
+        entries = readdirSync(settingsDir, { withFileTypes: true }).filter((d) => d.isFile());
+    }
+    catch {
+        return out;
+    }
+    for (const dirent of entries) {
+        if (!dirent.name.endsWith('.json'))
+            continue;
+        const extId = dirent.name.slice(0, -'.json'.length);
+        if (!extId)
+            continue;
+        const raw = readJSONFile(join(settingsDir, dirent.name));
+        if (!raw || typeof raw !== 'object')
+            continue;
+        const isEnabled = raw.isEnabled;
+        if (typeof isEnabled === 'boolean') {
+            out.set(extId, isEnabled);
+        }
+    }
+    return out;
+}
+function applyExtensionEnableSettingsToRawContent(rawContent, settings) {
+    if (settings.size === 0)
+        return 0;
+    const extensions = rawContent.extensions;
+    if (!extensions || typeof extensions !== 'object')
+        return 0;
+    let applied = 0;
+    for (const [extId, enabled] of settings) {
+        const ext = extensions[extId];
+        if (!ext || typeof ext !== 'object')
+            continue;
+        ext.isEnabled = enabled;
+        applied += 1;
+    }
+    return applied;
+}
+/**
+ * Upload each Claude Extensions Settings/*.json as its own config file (raw on-disk JSON).
+ * Do not merge isEnabled into extensions-installations.json — that mutates the payload
+ * vs the source file and creates spurious inventory audit diffs.
+ */
+function collectClaudeDesktopExtensionSettingsFiles(home = homedir()) {
+    const settingsDir = claudeExtensionSettingsDir(home);
+    if (!settingsDir || !existsSync(settingsDir))
+        return [];
+    let entries;
+    try {
+        entries = readdirSync(settingsDir, { withFileTypes: true }).filter((d) => d.isFile());
+    }
+    catch {
+        return [];
+    }
+    const results = [];
+    for (const dirent of entries) {
+        if (!dirent.name.endsWith('.json'))
+            continue;
+        const filePath = join(settingsDir, dirent.name);
+        const raw = readJSONFile(filePath);
+        if (!raw || typeof raw !== 'object')
+            continue;
+        results.push({
+            file_type: 'claude_extension_settings',
+            file_path: filePath,
+            raw_content: raw,
+        });
+    }
+    return results;
+}
+/**
+ * @deprecated Do not call during collection — mutates extensions-installations upload payloads.
+ * isEnabled is resolved server-side from claude_extension_settings uploads.
+ */
+function mergeClaudeDesktopExtensionEnableSettings(configFiles, home = homedir()) {
+    const settings = readClaudeDesktopExtensionEnableSettings(home);
+    if (settings.size === 0) {
+        return { applied: 0, settingsCount: 0 };
+    }
+    let applied = 0;
+    for (const entry of configFiles) {
+        if (entry.file_type !== 'claude_extensions_installations')
+            continue;
+        if (!entry.raw_content || typeof entry.raw_content !== 'object')
+            continue;
+        const extensions = entry.raw_content.extensions;
+        if (!extensions || typeof extensions !== 'object')
+            continue;
+        applied += applyExtensionEnableSettingsToRawContent(entry.raw_content, settings);
+    }
+    return { applied, settingsCount: settings.size };
+}
 function normalizePathForMatch(path) {
     return path.replace(/\\/g, '/');
 }
@@ -142,4 +245,4 @@ function collectClaudeDesktopExtensionManifests(home = homedir()) {
     }
     return results;
 }
-export { claudeAppSupportDir, claudeDesktopExtensionsDir, collectClaudeDesktopExtensionManifests, collectDiskOnlyClaudeDesktopExtensions, enrichClaudeDesktopExtensionsInstallationsUpload, };
+export { claudeAppSupportDir, claudeDesktopExtensionsDir, claudeExtensionSettingsDir, collectClaudeDesktopExtensionSettingsFiles, collectClaudeDesktopExtensionManifests, collectDiskOnlyClaudeDesktopExtensions, enrichClaudeDesktopExtensionsInstallationsUpload, mergeClaudeDesktopExtensionEnableSettings, readClaudeDesktopExtensionEnableSettings, };

package/dist/log_config_files/collection/config_collector.js

@@ -1,13 +1,54 @@
-import { existsSync, statSync } from 'node:fs';
+import { existsSync, readdirSync, statSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { readJSONFile, readMCPConfig, readMarkdownFile, readInstalledExtensions } from '../readers/file_readers.js';
 import { getExtensionsCachePath, getExtensionsCacheInstalledSuffix, getVscdbPath } from '../paths/path_constants_helpers.js';
 import { resolvePatternToTargets, normalizePathSkipPrefixes } from '../paths/pattern_resolver.js';
 import { enrichRawFromRecipe } from './enrichment_helpers.js';
+import { applyCoworkSessionWhitelist } from './cowork_session_whitelist.js';
 import { collectDirectoryEntries, collectDirectoryMetadata } from './directory_collector.js';
 import { collectVscdbEntries } from '../readers/vscdb_config_builder.js';
 import { pushDerivedFilesFromRecipe } from './openclaw_helpers.js';
 import { collapseMetadataByFileType } from './metadata_merge.js';
+function withOpencodeEnvPatterns(patterns) {
+    const out = [...patterns];
+    const seen = new Set(out.map((p) => `${p.type}:${p.file_type}:${p.path}`));
+    const add = (pattern) => {
+        const key = `${pattern.type}:${pattern.file_type}:${pattern.path}`;
+        if (seen.has(key))
+            return;
+        seen.add(key);
+        out.push(pattern);
+    };
+    const envConfig = (process.env.OPENCODE_CONFIG || '').trim();
+    if (envConfig) {
+        add({
+            path: envConfig,
+            type: 'file',
+            file_type: 'opencode_mcp',
+            content_format: 'json',
+        });
+    }
+    const envDirRaw = (process.env.OPENCODE_CONFIG_DIR || '').trim();
+    if (!envDirRaw)
+        return out;
+    const envDir = envDirRaw.replace(/[\\/]+$/, '');
+    add({ path: `${envDir}/opencode.json`, type: 'file', file_type: 'opencode_mcp', content_format: 'json' });
+    add({ path: `${envDir}/opencode.jsonc`, type: 'file', file_type: 'opencode_mcp', content_format: 'json' });
+    add({ path: `${envDir}/command-hooks.json`, type: 'file', file_type: 'opencode_command_hooks', content_format: 'json' });
+    add({ path: `${envDir}/command-hooks.jsonc`, type: 'file', file_type: 'opencode_command_hooks', content_format: 'json' });
+    add({ path: `${envDir}/AGENTS.md`, type: 'file', file_type: 'opencode_rule', content_format: 'markdown' });
+    add({ path: `${envDir}/agents/`, type: 'dir', file_type: 'opencode_subagent', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/commands/`, type: 'dir', file_type: 'opencode_command', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/skills/`, type: 'dir', file_type: 'opencode_skill', content_format: 'markdown', dir_glob: '*.md' });
+    add({ path: `${envDir}/mcp-auth.json`, type: 'file', file_type: 'opencode_mcp_auth', content_format: 'json' });
+    add({ path: `${envDir}/managed.json`, type: 'file', file_type: 'opencode_managed_preference', content_format: 'json' });
+    add({ path: `${envDir}/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    add({ path: `${envDir}/plugins/`, type: 'dir', file_type: 'opencode_plugin', content_format: 'text', dir_glob: '*' });
+    add({ path: `${envDir}/plugin/`, type: 'dir', file_type: 'opencode_plugin', content_format: 'text', dir_glob: '*' });
+    add({ path: `${envDir}/plugins/*/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    add({ path: `${envDir}/plugin/*/package.json`, type: 'file', file_type: 'opencode_plugin_manifest', content_format: 'json' });
+    return out;
+}
 function buildCollectionContext(patterns, projectRoot, home, homeRecurseSkipDirs = [], absolutePathPrefixes = [], mcpToolGlobSpec = null, clientPathConstants = null, pathResolutionSpecs = null) {
     const seenPaths = new Set();
     const targets = [];
@@ -69,11 +110,28 @@ function collectRegularFileEntry(t, enrichByFileType) {
     const recipe = enrichByFileType[t.file_type];
     if (recipe)
         enrichRawFromRecipe(raw, recipe);
+    // Cowork session metadata: reduce to the PII whitelist (hash identity, drop
+    // server URLs, keep only the activity-signal keys) BEFORE it leaves the
+    // device. Drop the entry entirely if nothing whitelisted survives so raw
+    // session content can never be emitted (e.g. on a JSON parse failure).
+    if (t.file_type === 'cowork_session_metadata') {
+        const filtered = applyCoworkSessionWhitelist(raw);
+        if (filtered === null)
+            return null;
+        raw = filtered;
+    }
     return { file_type: t.file_type, file_path: t.logicalFilePath ?? t.path, raw_content: raw };
 }
 function collectMetadataEntry(t) {
     try {
         const stats = statSync(t.path);
+        if (stats.isDirectory?.()) {
+            try {
+                if (readdirSync(t.path).length === 0)
+                    return null;
+            }
+            catch { /* unreadable — assume non-empty, allow */ }
+        }
         return { file_type: t.file_type, file_path: t.logicalFilePath ?? t.path, raw_content: { filename: t.path, last_modified: stats.mtime.toISOString(), source: 'file_metadata' }, collect_style: 'metadata' };
     }
     catch (err) {
@@ -99,7 +157,8 @@ function collectConfigFilesFromPatterns(patterns, projectRoot, onProgress, optio
     const vscdbPath = getVscdbPath(home, pathConstants);
     const extensionsCachePath = getExtensionsCachePath(home, pathConstants);
     const extensionsInstalledSuffix = getExtensionsCacheInstalledSuffix(pathConstants);
-    const { targets, enrichByFileType, metadataOnlyFileTypes } = buildCollectionContext(patterns, projectRoot, home, options?.home_recurse_skip_dirs ?? [], options?.absolute_path_prefixes ?? [], options?.mcp_tool_glob_spec ?? null, pathConstants, options?.path_resolution_specs ?? null);
+    const effectivePatterns = withOpencodeEnvPatterns(patterns);
+    const { targets, enrichByFileType, metadataOnlyFileTypes } = buildCollectionContext(effectivePatterns, projectRoot, home, options?.home_recurse_skip_dirs ?? [], options?.absolute_path_prefixes ?? [], options?.mcp_tool_glob_spec ?? null, pathConstants, options?.path_resolution_specs ?? null);
     const configFiles = [];
     const handledSpecialPaths = new Set();
     const loggedFileTypes = new Set();
@@ -156,7 +215,7 @@ export { collectConfigFilesFromPatterns };
 export { collectMcpToolFiles } from './mcp_tool_collector.js';
 export { collectConfigFilesFromInstalledPlugins, collectPluginCacheMcpFiles } from './plugin_collector.js';
 export { collectMcpFromClaudeJsonProjects } from './claude_known_projects_collector.js';
-export { collectClaudeDesktopExtensionManifests, enrichClaudeDesktopExtensionsInstallationsUpload, } from './claude_desktop_extensions_collector.js';
+export { collectClaudeDesktopExtensionManifests, collectClaudeDesktopExtensionSettingsFiles, enrichClaudeDesktopExtensionsInstallationsUpload, mergeClaudeDesktopExtensionEnableSettings, } from './claude_desktop_extensions_collector.js';
 export { collectCursorProjectWorkspaceMcpConfigs } from './cursor_project_mcp_collector.js';
 export { determineFileTypeFromPath } from './file_type_rules.js';
 export { enrichRawFromRecipe } from './enrichment_helpers.js';

package/dist/log_config_files/collection/cowork_session_whitelist.js

@@ -0,0 +1,89 @@
+/**
+ * PII boundary for Cowork session metadata (`local_<sessionId>.json`).
+ *
+ * Each Cowork session file carries ~47 KB of system prompt plus the user's
+ * conversation seed, selected folders, etc. We only need a small activity
+ * signal (which MCP servers were connected, recency, archived state). This
+ * reduces a parsed session object to a whitelist of top-level keys BEFORE it
+ * leaves the device — minimum-egress, matching DeepSecurityAndPrivacyEnhancer.
+ *
+ *   - Only the keys in ALLOWED_KEYS survive; everything else is dropped.
+ *   - `accountName` / `emailAddress` are sha256-hashed (cross-session joins
+ *     without storing raw identity).
+ *   - `remoteMcpServersConfig[]` keeps `{name, uuid, tools}` only; `url` is
+ *     dropped (remote-MCP endpoint URLs can embed workspace ids / tokens).
+ *
+ * The sibling `local_<sessionId>/` directory (audit.jsonl, outputs/, uploads/)
+ * is never collected — see the collection glob in agents/cowork.py. Server-side
+ * ingest re-validates the shape and rejects any denied key as defense in depth.
+ *
+ * See design_notes/Phase0_5CoworkActivityEvidence.md.
+ */
+import crypto from 'node:crypto';
+export const COWORK_SESSION_ALLOWED_KEYS = [
+    'sessionId',
+    'accountName', // hashed
+    'emailAddress', // hashed
+    'model',
+    'createdAt',
+    'lastActivityAt',
+    'isArchived',
+    'pluginsEnabled',
+    'skillsEnabled',
+    'memoryEnabled',
+    'hostLoopMode',
+    'cwd',
+    'enabledMcpTools', // dict "<serverUUID>:<tool>" -> bool
+    'remoteMcpServersConfig', // list of {name, uuid, tools} (url dropped)
+];
+const HASHED_KEYS = new Set(['accountName', 'emailAddress']);
+const REMOTE_SERVER_KEEP = ['name', 'uuid', 'tools'];
+function sha256Hex(value) {
+    return crypto.createHash('sha256').update(String(value)).digest('hex');
+}
+function sanitizeRemoteServers(value) {
+    if (!Array.isArray(value))
+        return [];
+    const out = [];
+    for (const entry of value) {
+        // Drop any non-object entry: a malformed/tampered remoteMcpServersConfig
+        // could carry a raw string (e.g. "https://…?token=…") that would otherwise
+        // survive the whitelist. Only keep whitelisted keys of well-formed objects.
+        if (entry === null || typeof entry !== 'object' || Array.isArray(entry))
+            continue;
+        const e = entry;
+        const kept = {};
+        for (const k of REMOTE_SERVER_KEEP) {
+            if (k in e)
+                kept[k] = e[k];
+        }
+        out.push(kept);
+    }
+    return out;
+}
+/**
+ * Reduce a parsed Cowork session object to the whitelisted, hashed shape.
+ * Returns `null` when nothing survives (e.g. a non-object or a file that
+ * failed to parse to the expected shape) so the caller can drop the entry
+ * rather than emit an empty row — and, critically, never emit raw content.
+ */
+export function applyCoworkSessionWhitelist(raw) {
+    if (raw === null || raw === undefined || typeof raw !== 'object')
+        return null;
+    const out = {};
+    for (const key of COWORK_SESSION_ALLOWED_KEYS) {
+        if (!(key in raw))
+            continue;
+        if (HASHED_KEYS.has(key)) {
+            const v = raw[key];
+            out[key] = v === null || v === undefined || v === '' ? '' : sha256Hex(v);
+        }
+        else if (key === 'remoteMcpServersConfig') {
+            out[key] = sanitizeRemoteServers(raw[key]);
+        }
+        else {
+            out[key] = raw[key];
+        }
+    }
+    return Object.keys(out).length > 0 ? out : null;
+}

package/dist/log_config_files/collection/cursor_project_mcp_collector.js

@@ -105,10 +105,45 @@ function isEphemeralCursorProjectDir(name) {
 function isInternalCursorWorkspaceSlug(slug) {
     return normalizeSlugPart(slug) === 'empty-window';
 }
+function readMcpToolCache(projectPath) {
+    const cachePath = join(projectPath, 'mcp-cache.json');
+    if (!existsSync(cachePath))
+        return null;
+    const cache = readJSONFile(cachePath);
+    if (cache && typeof cache === 'object' && !Array.isArray(cache)) {
+        return cache;
+    }
+    return null;
+}
+/** Tool schemas from mcp-cache.json for a connected mcps/ server (never creates inventory rows). */
+function cursorMcpCacheToolsForServer(cache, label, serverDirName) {
+    if (!cache)
+        return undefined;
+    const aliases = new Set();
+    const addAlias = (s) => {
+        const t = s.trim();
+        if (t)
+            aliases.add(t.toLowerCase());
+    };
+    addAlias(label);
+    addAlias(serverDirName);
+    if (serverDirName.startsWith('user-'))
+        addAlias(serverDirName.slice('user-'.length));
+    else
+        addAlias(`user-${label}`);
+    for (const [key, val] of Object.entries(cache)) {
+        if (!key.trim() || !aliases.has(key.trim().toLowerCase()))
+            continue;
+        if (val && typeof val === 'object' && Array.isArray(val.tools)) {
+            return val.tools;
+        }
+    }
+    return undefined;
+}
 /**
  * Cursor stores per-workspace MCP state under ~/.cursor/projects/<slug>/ (mcp-cache.json, mcps/*).
  * This is not the repo file at <repo>/.cursor/mcp.json. Upload one mcp_config per slug with
- * normalized mcpServers for inventory plus cursor_workspace metadata for scope display.
+ * mcpServers from mcps/ only; mcp-cache.json supplies supplementary tool schemas when names match.
  */
 function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constants, workspaceVscdbSpec, home = homedir()) {
     const skipPrefixes = normalizePathSkipPrefixes(pathSkipPrefixes);
@@ -136,18 +171,7 @@ function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constant
             continue;
         const mcpServers = {};
         const cachePath = join(projectPath, 'mcp-cache.json');
-        if (existsSync(cachePath)) {
-            const cache = readJSONFile(cachePath);
-            if (cache && typeof cache === 'object' && !Array.isArray(cache)) {
-                for (const [name, val] of Object.entries(cache)) {
-                    if (!name.trim())
-                        continue;
-                    if (val && typeof val === 'object' && Array.isArray(val.tools)) {
-                        mcpServers[name] = { cursor_source: 'mcp-cache.json' };
-                    }
-                }
-            }
-        }
+        const mcpToolCache = readMcpToolCache(projectPath);
         const mcpsPath = join(projectPath, 'mcps');
         if (existsSync(mcpsPath)) {
             try {
@@ -158,12 +182,17 @@ function collectCursorProjectWorkspaceMcpConfigs(pathSkipPrefixes = [], constant
                     const label = mcpServerLabelFromMcpsDir(serverDir.name, metaObj);
                     if (!label)
                         continue;
-                    if (!(label in mcpServers)) {
-                        mcpServers[label] = {
-                            cursor_source: 'mcps',
-                            server_identifier: serverDir.name,
-                        };
+                    if (label in mcpServers)
+                        continue;
+                    const entry = {
+                        cursor_source: 'mcps',
+                        server_identifier: serverDir.name,
+                    };
+                    const cacheTools = cursorMcpCacheToolsForServer(mcpToolCache, label, serverDir.name);
+                    if (cacheTools !== undefined) {
+                        entry.cursor_mcp_cache_tools = cacheTools;
                     }
+                    mcpServers[label] = entry;
                 }
             }
             catch {