metheus-governance-mcp-cli 0.2.43 → 0.2.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +38 -12
- package/package.json +1 -1
package/cli.mjs
CHANGED
|
@@ -520,6 +520,10 @@ function isEditorInstallDirectory(candidatePath) {
|
|
|
520
520
|
if (normalized.includes("\\appdata\\local\\programs\\microsoft vs code")) return true;
|
|
521
521
|
if (normalized.includes("\\appdata\\local\\programs\\antigravity")) return true;
|
|
522
522
|
if (normalized.includes("\\appdata\\local\\programs\\cursor")) return true;
|
|
523
|
+
if (normalized.includes("\\program files\\antigravity")) return true;
|
|
524
|
+
if (normalized.includes("\\program files (x86)\\antigravity")) return true;
|
|
525
|
+
if (normalized.includes("\\program files\\cursor")) return true;
|
|
526
|
+
if (normalized.includes("\\program files (x86)\\cursor")) return true;
|
|
523
527
|
if (normalized.includes("\\program files\\microsoft vs code")) return true;
|
|
524
528
|
if (normalized.includes("\\program files (x86)\\microsoft vs code")) return true;
|
|
525
529
|
return false;
|
|
@@ -2755,11 +2759,11 @@ function syncCtxpackToLocalCache({
|
|
|
2755
2759
|
? metaPath
|
|
2756
2760
|
: path.join(resolvedWorkspaceDir, CTXPACK_META_FILENAME);
|
|
2757
2761
|
|
|
2758
|
-
if (!workspaceSignalTrusted
|
|
2762
|
+
if (!workspaceSignalTrusted) {
|
|
2759
2763
|
return {
|
|
2760
2764
|
sync_status: "guarded",
|
|
2761
2765
|
sync_message:
|
|
2762
|
-
"Workspace signal is missing in auto mode. Guardrail blocked ctxpack local write
|
|
2766
|
+
"Workspace signal is missing in auto mode. Guardrail blocked ctxpack local write.",
|
|
2763
2767
|
local_path: cacheDir,
|
|
2764
2768
|
workspace_path: resolvedWorkspaceDir,
|
|
2765
2769
|
local_file_count: 0,
|
|
@@ -3638,6 +3642,17 @@ function shouldUseSafeToolAliasesForClient(initParamsRaw) {
|
|
|
3638
3642
|
return name.includes("cursor") || name.includes("antigravity");
|
|
3639
3643
|
}
|
|
3640
3644
|
|
|
3645
|
+
function canTrustProcessCwdForClient(clientNameRaw) {
|
|
3646
|
+
const name = String(clientNameRaw || "").trim().toLowerCase();
|
|
3647
|
+
if (!name) return false;
|
|
3648
|
+
// Codex/Cursor/Antigravity can run MCP from app/install directories.
|
|
3649
|
+
if (name.includes("codex")) return false;
|
|
3650
|
+
if (name.includes("cursor")) return false;
|
|
3651
|
+
if (name.includes("antigravity")) return false;
|
|
3652
|
+
// CLI-style clients (e.g., Gemini/Claude Code) usually launch from active project cwd.
|
|
3653
|
+
return name.includes("gemini") || name.includes("claude");
|
|
3654
|
+
}
|
|
3655
|
+
|
|
3641
3656
|
function displayToolNameForClient(canonicalName, useSafeToolAliases = false) {
|
|
3642
3657
|
const canonical = String(canonicalName || "").trim();
|
|
3643
3658
|
if (!canonical) return "";
|
|
@@ -4222,6 +4237,7 @@ async function runProxy(flags) {
|
|
|
4222
4237
|
let sessionUseSafeToolAliases = false;
|
|
4223
4238
|
let sessionToolAliasToCanonical = new Map();
|
|
4224
4239
|
let sessionToolCanonicalToAlias = new Map();
|
|
4240
|
+
let sessionClientName = "";
|
|
4225
4241
|
|
|
4226
4242
|
// Proxy-initiated requests (e.g., roots/list) pending client responses.
|
|
4227
4243
|
const pendingProxyRequests = new Map(); // id → callback(responseObj)
|
|
@@ -4353,8 +4369,13 @@ async function runProxy(flags) {
|
|
|
4353
4369
|
return;
|
|
4354
4370
|
}
|
|
4355
4371
|
|
|
4356
|
-
if (isJsonRpcMethod(requestObj, "initialize")
|
|
4357
|
-
|
|
4372
|
+
if (isJsonRpcMethod(requestObj, "initialize")) {
|
|
4373
|
+
const initParams = safeObject(requestObj?.params);
|
|
4374
|
+
const initClientInfo = safeObject(initParams.clientInfo);
|
|
4375
|
+
sessionClientName = String(initClientInfo.name || "").trim().toLowerCase();
|
|
4376
|
+
if (shouldUseSafeToolAliasesForClient(initParams)) {
|
|
4377
|
+
sessionUseSafeToolAliases = true;
|
|
4378
|
+
}
|
|
4358
4379
|
}
|
|
4359
4380
|
if (sessionUseSafeToolAliases) {
|
|
4360
4381
|
requestObj = rewriteAliasedToolCallToCanonical(requestObj, sessionToolAliasToCanonical);
|
|
@@ -4374,16 +4395,22 @@ async function runProxy(flags) {
|
|
|
4374
4395
|
sessionWorkspaceDir = strongRequestWorkspaceCandidate;
|
|
4375
4396
|
sessionWorkspaceTrusted = true;
|
|
4376
4397
|
} else if (weakRequestWorkspaceCandidate) {
|
|
4377
|
-
|
|
4398
|
+
// Keep trusted session workspace (e.g., roots/list) stable against weak per-request cwd noise.
|
|
4399
|
+
if (!sessionWorkspaceTrusted || !sessionWorkspaceDir) {
|
|
4400
|
+
sessionWorkspaceDir = weakRequestWorkspaceCandidate;
|
|
4401
|
+
}
|
|
4378
4402
|
} else if (weakEnvWorkspaceCandidate) {
|
|
4379
4403
|
sessionWorkspaceDir = weakEnvWorkspaceCandidate;
|
|
4380
4404
|
}
|
|
4381
4405
|
if (!sessionWorkspaceDir) {
|
|
4382
4406
|
const currentCwdCandidate = sanitizeWorkspaceCandidate(process.cwd());
|
|
4383
|
-
if (
|
|
4407
|
+
if (
|
|
4408
|
+
currentCwdCandidate &&
|
|
4409
|
+
!isHomeWorkspaceRoot(currentCwdCandidate) &&
|
|
4410
|
+
canTrustProcessCwdForClient(sessionClientName)
|
|
4411
|
+
) {
|
|
4384
4412
|
sessionWorkspaceDir = currentCwdCandidate;
|
|
4385
|
-
//
|
|
4386
|
-
// when spawning MCP server processes, so treat plausible cwd as trusted.
|
|
4413
|
+
// For selected clients, process cwd is a valid workspace signal.
|
|
4387
4414
|
sessionWorkspaceTrusted = true;
|
|
4388
4415
|
}
|
|
4389
4416
|
}
|
|
@@ -4394,9 +4421,12 @@ async function runProxy(flags) {
|
|
|
4394
4421
|
}
|
|
4395
4422
|
}
|
|
4396
4423
|
}
|
|
4424
|
+
const hasWeakRequestWorkspaceSignal =
|
|
4425
|
+
Boolean(weakRequestWorkspaceCandidate) && !isHomeWorkspaceRoot(weakRequestWorkspaceCandidate);
|
|
4397
4426
|
const workspaceSignalTrusted =
|
|
4398
4427
|
args.explicitPinnedWorkspace ||
|
|
4399
4428
|
sessionWorkspaceTrusted ||
|
|
4429
|
+
hasWeakRequestWorkspaceSignal ||
|
|
4400
4430
|
Boolean(strongRequestWorkspaceCandidate || strongEnvWorkspaceCandidate);
|
|
4401
4431
|
const requestWorkspaceDir = args.explicitPinnedWorkspace
|
|
4402
4432
|
? resolveWorkspaceDir(args.workspaceDir || process.cwd())
|
|
@@ -5155,13 +5185,9 @@ function runSetupInternal(flags, options = {}) {
|
|
|
5155
5185
|
const transport = getRegisteredTransport(cliBin, context.serverName);
|
|
5156
5186
|
if (transport) {
|
|
5157
5187
|
const existingWorkspaceDir = extractWorkspaceDirArg(transport.args);
|
|
5158
|
-
const existingEnv = safeObject(transport.env);
|
|
5159
|
-
const existingWorkspaceEnv = String(existingEnv.METHEUS_WORKSPACE_DIR || "").trim();
|
|
5160
5188
|
if (existingWorkspaceDir && !isAutoWorkspaceMode(existingWorkspaceDir)) {
|
|
5161
5189
|
proxyArgsForRegister = withWorkspaceDirArg(proxyArgsForRegister, existingWorkspaceDir);
|
|
5162
5190
|
workspaceEnvForRegister = "";
|
|
5163
|
-
} else if (!workspaceEnvForRegister && existingWorkspaceEnv) {
|
|
5164
|
-
workspaceEnvForRegister = resolveWorkspaceDir(existingWorkspaceEnv);
|
|
5165
5191
|
}
|
|
5166
5192
|
}
|
|
5167
5193
|
}
|