sonance-brand-mcp 1.3.33 → 1.3.35

package/dist/assets/api/sonance-vision-edit/route.ts

@@ -393,39 +393,58 @@ CRITICAL: Only use file paths from the VALID FILES list above. Do NOT create new
         );
       }
 
-      // Build list of valid file paths
-      const validPaths = new Set<string>();
+      // Build list of known file paths (for logging)
+      const knownPaths = new Set<string>();
       if (pageContext.pageFile) {
-        validPaths.add(pageContext.pageFile);
+        knownPaths.add(pageContext.pageFile);
       }
       for (const comp of pageContext.componentSources) {
-        validPaths.add(comp.path);
+        knownPaths.add(comp.path);
       }
 
-      debugLog("VALIDATION: Valid file paths from page context", { 
+      debugLog("VALIDATION: Known file paths from page context", {
         pageFile: pageContext.pageFile,
-        validPaths: Array.from(validPaths),
+        knownPaths: Array.from(knownPaths),
         aiRequestedFiles: (aiResponse.modifications || []).map(m => m.filePath)
       });
 
-      // Validate AI response - reject any file paths not in our valid list
-      const invalidMods = (aiResponse.modifications || []).filter(
-        (mod) => !validPaths.has(mod.filePath)
-      );
+      // Validate AI response - trust the LLM to identify the correct file
+      // Only reject paths that are outside the project or don't exist
+      for (const mod of aiResponse.modifications || []) {
+        const fullPath = path.join(projectRoot, mod.filePath);
 
-      if (invalidMods.length > 0) {
-        debugLog("REJECTED: AI attempted to create new files", { invalidMods: invalidMods.map(m => m.filePath) });
-        console.error(
-          "AI attempted to create new files:",
-          invalidMods.map((m) => m.filePath)
-        );
-        return NextResponse.json(
-          {
-            success: false,
-            error: `Cannot create new files. The following paths were not found in the project: ${invalidMods.map((m) => m.filePath).join(", ")}. Please try a more specific request targeting existing components.`,
-          } as VisionEditResponse,
-          { status: 400 }
-        );
+        // Security: Ensure path is within project (prevent path traversal)
+        const normalizedPath = path.normalize(fullPath);
+        if (!normalizedPath.startsWith(projectRoot)) {
+          debugLog("REJECTED: Path outside project", { filePath: mod.filePath });
+          return NextResponse.json(
+            {
+              success: false,
+              error: `Invalid file path: ${mod.filePath} (outside project directory)`,
+            } as VisionEditResponse,
+            { status: 400 }
+          );
+        }
+
+        // Check if file exists - LLM should only edit existing files
+        if (!fs.existsSync(fullPath)) {
+          debugLog("REJECTED: File not found", { filePath: mod.filePath });
+          return NextResponse.json(
+            {
+              success: false,
+              error: `File not found: ${mod.filePath}. The file may have been moved or deleted.`,
+            } as VisionEditResponse,
+            { status: 400 }
+          );
+        }
+
+        // If file wasn't in our known context, log it (LLM identified it from screenshot)
+        if (!knownPaths.has(mod.filePath)) {
+          debugLog("LLM identified file not in import chain - trusting its judgment", {
+            filePath: mod.filePath,
+            exists: true
+          });
+        }
       }
 
       // Process modifications - apply patches to get modified content

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sonance-brand-mcp",
-  "version": "1.3.33",
+  "version": "1.3.35",
   "description": "MCP Server for Sonance Brand Guidelines and Component Library - gives Claude instant access to brand colors, typography, and UI components.",
   "main": "dist/index.js",
   "type": "module",