octocode-mcp 2.3.12 → 2.3.13

package/build/index.js

@@ -144,29 +144,6 @@ function escapeShellArg(arg, shellType, isGitHubQuery // Flag to indicate if thi
         const isWindows = platform() === 'win32';
         shellType = isWindows ? 'cmd' : 'unix';
     }
-    // Special handling for GitHub search queries to preserve AND logic
-    if (isGitHubQuery) {
-        // If the argument already contains quotes, preserve them for exact phrases
-        if (arg.includes('"')) {
-            // For Unix-like shells, wrap the entire argument in single quotes
-            if (shellType === 'unix') {
-                return `'${arg.replace(/'/g, "'\"'\"'")}'`;
-            }
-            // For Windows CMD
-            if (shellType === 'cmd') {
-                return `"${arg.replace(/"/g, '""')}"`;
-            }
-            // For PowerShell
-            return `'${arg.replace(/'/g, "''")}'`;
-        }
-        // For space-separated terms (AND search), minimize escaping
-        if (arg.includes(' ') && shellType === 'unix') {
-            // Only escape if contains dangerous shell characters
-            if (!/[;&|<>$`\\]/.test(arg)) {
-                return `"${arg}"`;
-            }
-        }
-    }
     switch (shellType) {
         case 'powershell':
             return escapePowerShellArg(arg);
@@ -174,7 +151,7 @@ function escapeShellArg(arg, shellType, isGitHubQuery // Flag to indicate if thi
             return escapeWindowsCmdArg(arg);
         case 'unix':
         default:
-            return escapeUnixShellArg(arg, isGitHubQuery);
+            return escapeUnixShellArg(arg);
     }
 }
 /**
@@ -205,30 +182,10 @@ function escapeWindowsCmdArg(arg) {
  * Preserves AND search logic by not over-escaping space-separated terms
  */
 function escapeUnixShellArg(arg, isGitHubQuery) {
-    // For GitHub search queries, we need to preserve AND logic and quoted phrases
-    if (isGitHubQuery) {
-        // If the query contains quotes, we need to preserve them for GitHub CLI
-        // but escape the entire argument for the shell
-        if (arg.includes('"')) {
-            // Use single quotes to wrap the entire query while preserving internal quotes
-            // This allows GitHub CLI to see: "quoted phrase" other terms
-            return `'${arg.replace(/'/g, "'\"'\"'")}'`;
-        }
-        // For space-separated terms (AND search), only escape if absolutely necessary
-        // GitHub CLI expects space-separated terms for AND logic
-        if (arg.includes(' ') && !/[;&|<>$`\\]/.test(arg)) {
-            // Only wrap in quotes if it contains shell metacharacters beyond spaces
-            return `"${arg}"`;
-        }
-        // For single terms or terms with special chars, escape normally
-        if (/[;&|<>$`\\]/.test(arg)) {
-            return `'${arg.replace(/'/g, "'\"'\"'")}'`;
-        }
-        // Simple terms don't need escaping
-        return arg;
-    }
     // Standard Unix shell escaping for other arguments
-    if (/[^a-zA-Z0-9\-_./=@:]/.test(arg)) {
+    // Only escape if contains dangerous shell metacharacters
+    // Allow common safe characters: alphanumeric, dash, underscore, dot, slash, equals, at, colon, comma
+    if (/[;&|<>$`\\*?()[\]{}^~]/.test(arg)) {
         return `'${arg.replace(/'/g, "'\"'\"'")}'`;
     }
     return arg;
@@ -245,7 +202,28 @@ async function executeNpmCommand(command, args = [], options = {}) {
     // Get shell configuration
     const shellConfig = getShellConfig(options.windowsShell);
     // Build command with validated prefix and properly escaped arguments
-    const escapedArgs = args.map(arg => escapeShellArg(arg, shellConfig.type));
+    // NPM commands need minimal escaping - most arguments are package names or CLI flags
+    const escapedArgs = args.map(arg => {
+        const isCliFlag = arg.startsWith('--');
+        // CLI flags like --searchlimit=20, --json need minimal escaping
+        if (isCliFlag) {
+            // Only escape CLI flags if they contain dangerous shell characters
+            if (/[;&|<>$`\\]/.test(arg)) {
+                return escapeShellArg(arg, shellConfig.type);
+            }
+            return arg;
+        }
+        // Package names and search terms need minimal escaping
+        // Only escape if contains shell metacharacters that could be dangerous
+        if (/[;&|<>$`\\*?[\]{}]/.test(arg)) {
+            return escapeShellArg(arg, shellConfig.type);
+        }
+        // For arguments with spaces, use minimal quoting
+        if (/\s/.test(arg)) {
+            return `"${arg}"`;
+        }
+        return arg;
+    });
     const fullCommand = `npm ${command} ${escapedArgs.join(' ')}`;
     const executeNpmCommand = () => executeCommand(fullCommand, 'npm', options, shellConfig);
     if (options.cache) {
@@ -269,33 +247,40 @@ async function executeGitHubCommand(command, args = [], options = {}) {
     // Get shell configuration
     const shellConfig = getShellConfig(options.windowsShell);
     // Build command with validated prefix and properly escaped arguments
-    // For GitHub search commands, we need to distinguish between:
-    // 1. Main query (index 1) - needs special escaping for AND logic
-    // 2. CLI flags (--flag=value) - standard escaping
-    // 3. Search qualifiers (key:value) - minimal escaping
+    // For GitHub search commands, we need minimal escaping to avoid interfering with GitHub CLI
     const escapedArgs = args.map((arg, index) => {
         const isMainQueryArgument = command === 'search' && index === 1;
         const isCliFlag = arg.startsWith('--');
-        const isGitHubQualifier = command === 'search' &&
-            index > 1 &&
-            !isCliFlag &&
-            (arg.includes(':') || arg.startsWith('('));
-        // CLI flags like --language=javascript, --repo=owner/repo need standard escaping
+        // CLI flags like --language=javascript, --repo=owner/repo need minimal escaping
         if (isCliFlag) {
-            return escapeShellArg(arg, shellConfig.type, false);
+            // Only escape CLI flags if they contain dangerous shell characters
+            if (/[;&|<>$`\\*?[\]{}]/.test(arg)) {
+                return escapeShellArg(arg, shellConfig.type);
+            }
+            return arg;
         }
-        // GitHub search qualifiers need special handling
-        // Most qualifiers can be passed as-is, but those with shell metacharacters need escaping
-        if (isGitHubQualifier) {
-            // Check if the qualifier contains shell metacharacters that need escaping
-            if (/[<>&|;`$\\]/.test(arg)) {
-                // Escape qualifiers that contain shell metacharacters like size:<1000, size:>500
-                return escapeShellArg(arg, shellConfig.type, false);
+        // For search queries, only escape if absolutely necessary for shell safety
+        if (isMainQueryArgument) {
+            // Only escape if the argument contains shell metacharacters that could be dangerous
+            if (/[;&|<>$`\\*?[\]{}]/.test(arg)) {
+                return escapeShellArg(arg, shellConfig.type);
+            }
+            // For simple queries with spaces or special chars, use minimal quoting
+            if (/\s/.test(arg)) {
+                return `"${arg}"`;
             }
-            // Safe qualifiers like "language:typescript", "user:microsoft" can be passed as-is
             return arg;
         }
-        return escapeShellArg(arg, shellConfig.type, isMainQueryArgument);
+        // For other arguments, use minimal escaping
+        // Only escape if contains shell metacharacters that could be dangerous
+        if (/[;&|<>$`\\*?[\]{}]/.test(arg)) {
+            return escapeShellArg(arg, shellConfig.type);
+        }
+        // For arguments with spaces, use minimal quoting
+        if (/\s/.test(arg)) {
+            return `"${arg}"`;
+        }
+        return arg;
     });
     const fullCommand = `gh ${command} ${escapedArgs.join(' ')}`;
     const executeGhCommand = () => executeCommand(fullCommand, 'github', options, shellConfig);
@@ -1355,8 +1340,8 @@ function buildGitHubCliArgs(params) {
     const args = ['code'];
     // Build search query (either exactQuery OR queryTerms, never both)
     if (params.exactQuery) {
-        // Add exact query with quotes for literal matching
-        args.push(`"${params.exactQuery}"`);
+        // Add exact query - let GitHub CLI handle the quoting
+        args.push(params.exactQuery);
     }
     else if (params.queryTerms && params.queryTerms.length > 0) {
         // Add query terms as separate arguments (for AND logic)
@@ -113434,23 +113419,19 @@ function buildGitHubPullRequestsListCommand(params) {
 const NPM_PACKAGE_SEARCH_TOOL_NAME = 'npmPackageSearch';
 const DESCRIPTION$3 = `Search NPM packages using 'npm search' command. Discover packages by functionality keywords and explore alternatives.
 
-CAPABILITIES:
-- Package discovery: npm search <term> --json --searchlimit=<n>
-- Multiple search terms: searches each term separately and combines results
-- Functional keyword search: "testing", "validation", "http client" 
-- Repository URL extraction for GitHub integration
-- Deduplication and result optimization
+**WHEN TO USE**: Use when users ask questions about npm packages or need to discover packages - provides package discovery and ecosystem insights.
+
+**KEY INSIGHTS**:
+- Another code search mechanism for npm packages (along github repository search)
+- Repo discovery by npm packages search
+- Package descriptions, keywords, and version information
+- Can be used undesrsant npm depndencies better
 
-SEARCH STRATEGY:
+**SEARCH STRATEGY**:
 - Use broad functional terms for best discovery
 - Single keywords work better than complex phrases
 - Multiple searches reveal ecosystem alternatives
-- Results include package names, versions, descriptions, and repository links
-
-USAGE EXAMPLES:
-- Single search: queries="testing" 
-- Multiple searches: queries=["react", "hooks", "typescript"]
-- Limit results: searchLimit=10`;
+- Combine with npm_view_package for detailed analysis of discovered packages`;
 const MAX_DESCRIPTION_LENGTH = 100;
 const MAX_KEYWORDS = 10;
 function registerNpmSearchTool(server) {
@@ -114317,18 +114298,20 @@ function buildGitHubIssuesAPICommand(params) {
 const NPM_VIEW_PACKAGE_TOOL_NAME = 'npmViewPackage';
 const DESCRIPTION = `View NPM package information using 'npm view' command. Supports field-specific queries and GitHub repository discovery.
 
-CAPABILITIES:
+**WHEN TO USE**: Use when users ask questions about npm packages - provides comprehensive package data and insights.
+
+**KEY INSIGHTS**:
+- Git repository URL for source code exploration
+- Package exports structure (understand API surface and dependencies)
+- Dependencies/devDependencies for ecosystem analysis
+- Version history, size, performance metrics
+- License and author information
+
+**CAPABILITIES**:
 - Full package info: npm view <package> --json (optimized format)
-- Single field: npm view <package> <field> (e.g., version, description, license)
+- Single field: npm view <package> <field> (version, description, license)
 - Multiple fields: filtered JSON response for specific fields
-- Repository URLs for GitHub integration and source code analysis
-- Version history, dependencies, and package metadata
-
-USAGE EXAMPLES:
-- Get version: field="version" 
-- Get repository: field="repository" or match="repository"
-- Get multiple: match=["version", "description", "license"]
-- Get all info: no parameters (returns optimized package data)`;
+- Repository URLs for GitHub integration and source code analysis`;
 function registerNpmViewPackageTool(server) {
     server.registerTool(NPM_VIEW_PACKAGE_TOOL_NAME, {
         description: DESCRIPTION,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "octocode-mcp",
-  "version": "2.3.12",
+  "version": "2.3.13",
   "description": "Model Context Protocol (MCP) server for advanced GitHub repository analysis, code discovery, and npm package exploration. Provides AI assistants with powerful tools to search, analyze, and understand codebases across GitHub and npm ecosystems.",
   "author": "Guy Bary <guybary@gmail.com>",
   "homepage": "https://octocode.ai",