npm - metheus-governance-mcp-cli - Versions diffs - 0.2.44 → 0.2.46 - Mend

metheus-governance-mcp-cli 0.2.44 → 0.2.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli.mjs +37 -6
package/package.json +1 -1

package/cli.mjs CHANGED Viewed

@@ -520,6 +520,10 @@ function isEditorInstallDirectory(candidatePath) {
   if (normalized.includes("\\appdata\\local\\programs\\microsoft vs code")) return true;
   if (normalized.includes("\\appdata\\local\\programs\\antigravity")) return true;
   if (normalized.includes("\\appdata\\local\\programs\\cursor")) return true;
+  if (normalized.includes("\\program files\\antigravity")) return true;
+  if (normalized.includes("\\program files (x86)\\antigravity")) return true;
+  if (normalized.includes("\\program files\\cursor")) return true;
+  if (normalized.includes("\\program files (x86)\\cursor")) return true;
   if (normalized.includes("\\program files\\microsoft vs code")) return true;
   if (normalized.includes("\\program files (x86)\\microsoft vs code")) return true;
   return false;
@@ -3612,6 +3616,28 @@ function appendToolAliasesToToolsListResponse(responseObj, canonicalToAlias) {
   return responseObj;
 }
+function rewriteToolsListToSafeAliasesOnly(responseObj, canonicalToAlias) {
+  const result = safeObject(responseObj.result);
+  const tools = ensureArray(result.tools);
+  const out = [];
+  const used = new Set();
+  for (const tool of tools) {
+    const safeTool = safeObject(tool);
+    const canonicalName = String(safeTool.name || "").trim();
+    if (!canonicalName) continue;
+    const aliasName = String(canonicalToAlias.get(canonicalName) || "").trim();
+    const finalName = aliasName || canonicalName;
+    if (used.has(finalName)) continue;
+    used.add(finalName);
+    out.push({ ...safeTool, name: finalName });
+  }
+  result.tools = out;
+  responseObj.result = result;
+  return responseObj;
+}
 function rewriteAliasedToolCallToCanonical(requestObj, aliasToCanonical) {
   if (!isJsonRpcMethod(requestObj, "tools/call")) return requestObj;
   const params = safeObject(requestObj.params);
@@ -3641,10 +3667,12 @@ function shouldUseSafeToolAliasesForClient(initParamsRaw) {
 function canTrustProcessCwdForClient(clientNameRaw) {
   const name = String(clientNameRaw || "").trim().toLowerCase();
   if (!name) return false;
-  // Codex app-server may not pass workspace signals reliably; never trust bare process.cwd().
+  // Codex/Cursor/Antigravity can run MCP from app/install directories.
   if (name.includes("codex")) return false;
-  // VS Code forks generally spawn MCP in active workspace folder.
-  return name.includes("cursor") || name.includes("antigravity");
+  if (name.includes("cursor")) return false;
+  if (name.includes("antigravity")) return false;
+  // CLI-style clients (e.g., Gemini/Claude Code) usually launch from active project cwd.
+  return name.includes("gemini") || name.includes("claude");
 }
 function displayToolNameForClient(canonicalName, useSafeToolAliases = false) {
@@ -3697,7 +3725,7 @@ function appendProjectHintToInitialize(responseObj, args, options = {}) {
     "High-priority project bootstrap rule:",
     ...(useSafeToolAliases
       ? [
-          "- This session supports safe MCP tool aliases (underscore format). Prefer `project_summary` / `ctxpack_ensure` / `workitem_list`; dotted names are also accepted.",
+          "- This session uses safe MCP tool aliases (underscore format). Use `project_summary` / `ctxpack_ensure` / `workitem_list` style names, not dotted names.",
         ]
       : []),
     `- MUST call \`${projectSummaryTool}\` first when the user provides only a Project ID or asks project overview/agenda.`,
@@ -4389,7 +4417,10 @@ async function runProxy(flags) {
         sessionWorkspaceDir = strongRequestWorkspaceCandidate;
         sessionWorkspaceTrusted = true;
       } else if (weakRequestWorkspaceCandidate) {
-        sessionWorkspaceDir = weakRequestWorkspaceCandidate;
+        // Keep trusted session workspace (e.g., roots/list) stable against weak per-request cwd noise.
+        if (!sessionWorkspaceTrusted || !sessionWorkspaceDir) {
+          sessionWorkspaceDir = weakRequestWorkspaceCandidate;
+        }
       } else if (weakEnvWorkspaceCandidate) {
         sessionWorkspaceDir = weakEnvWorkspaceCandidate;
       }
@@ -4641,7 +4672,7 @@ async function runProxy(flags) {
               const aliasMaps = buildToolAliasMaps(tools);
               sessionToolAliasToCanonical = aliasMaps.aliasToCanonical;
               sessionToolCanonicalToAlias = aliasMaps.canonicalToAlias;
-              patched = appendToolAliasesToToolsListResponse(patched, sessionToolCanonicalToAlias);
+              patched = rewriteToolsListToSafeAliasesOnly(patched, sessionToolCanonicalToAlias);
             }
           } else if (isJsonRpcMethod(requestObj, "initialize")) {
             patched = appendProjectHintToInitialize(patched, args, {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "metheus-governance-mcp-cli",
-  "version": "0.2.44",
+  "version": "0.2.46",
   "description": "Metheus Governance MCP CLI (setup + stdio proxy)",
   "type": "module",
   "files": [