staff-mcp 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 staff-mcp
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,89 @@
+# staff-mcp
+
+[English](./README.md) | [简体中文](./README_zh.md)
+
+A powerful Model Context Protocol (MCP) server providing file management, shell execution, and LSP capabilities. Built for seamless integration with AI assistants like Claude Desktop, IDE plugins, and custom agents.
+
+## 🚀 Quick Start
+
+### Installation
+
+```bash
+npm install
+npm run build
+```
+
+### Running the Server
+
+**Using npx (Quickest)**
+
+```bash
+# From local directory
+npx . --working-dir /path/to/your/project
+
+# If published to npm (e.g., @your-org/staff-mcp)
+# npx -y @your-org/staff-mcp --working-dir /path/to/your/project
+```
+
+**Stdio Mode (Recommended for Claude Desktop)**
+
+```bash
+# Using npm (Recommended)
+npm start -- --working-dir /path/to/your/project
+```
+
+**HTTP Mode**
+
+```bash
+# Using npm
+npm start -- --transport http --port 3000
+
+# Using node directly
+node dist/src/index.js --transport http --port 3000
+```
+
+### CLI Arguments
+
+| Option | Description | Default |
+| :--- | :--- | :--- |
+| `--working-dir` | Root directory for the sandbox | `process.cwd()` |
+| `--allowed-dir` | Extra directories allowed for access | `[]` |
+| `--transport` | Transport type (`stdio` or `http`) | `stdio` |
+| `--port` | Port for HTTP server | `3000` |
+
+---
+
+## 🛠️ Supported MCP Features
+
+- **Tools**: Comprehensive file operations, shell execution, and LSP support.
+- **Skills & Prompts**: Compatible with the `SKILL.md` format. Automatically detects skills in `.staff/skills/`, `.claude/skills/`, etc.
+- **MCP Native Support**: Implements the `instructions` mechanism to provide model context for environment awareness (OS, shell, etc.) and tool relationships.
+
+### Skill File Format (`SKILL.md`)
+
+```markdown
+---
+name: my-skill
+description: Skill description
+---
+Skill instructions here...
+```
+
+---
+
+## 💻 Cross-Platform Compatibility
+
+`staff-mcp` handles environment differences automatically:
+- **Paths**: Resolves `\` (Windows) and `/` (Unix) based on host OS.
+- **Shell**: Uses `cmd.exe` on Windows and `sh` on Linux/macOS.
+- **Line Endings**: Supports both `CRLF` and `LF` for file operations.
+
+## 🧪 Development
+
+```bash
+npm run dev -- --working-dir ./test-workspace
+```
+
+## 📄 License
+
+MIT

package/README_zh.md

@@ -0,0 +1,89 @@
+# staff-mcp
+
+[English](./README.md) | [简体中文](./README_zh.md)
+
+一个功能强大的 Model Context Protocol (MCP) 服务端，提供文件管理、Shell 执行和 LSP 能力。专为 AI 助手（如 Claude Desktop、IDE 插件和自定义 Agent）的无缝集成而设计。
+
+## 🚀 快速开始
+
+### 安装
+
+```bash
+npm install
+npm run build
+```
+
+### 运行服务
+
+**使用 npx (最快方式)**
+
+```bash
+# 在项目本地运行
+npx . --working-dir /你的项目/路径
+
+# 如果已发布到 npm (例如 @your-org/staff-mcp)
+# npx -y @your-org/staff-mcp --working-dir /你的项目/路径
+```
+
+**Stdio 模式 (Claude Desktop 推荐方式)**
+
+```bash
+# 使用 npm (推荐)
+npm start -- --working-dir /你的项目/路径
+```
+
+**HTTP 模式**
+
+```bash
+# 使用 npm
+npm start -- --transport http --port 3000
+
+# 使用 node 直接启动
+node dist/src/index.js --transport http --port 3000
+```
+
+### 命令行参数
+
+| 参数 | 说明 | 默认值 |
+| :--- | :--- | :--- |
+| `--working-dir` | 沙箱根目录 | `process.cwd()` |
+| `--allowed-dir` | 额外允许访问的目录 | `[]` |
+| `--transport` | 传输方式 (`stdio` 或 `http`) | `stdio` |
+| `--port` | HTTP 服务端口 | `3000` |
+
+---
+
+## 🛠️ 支持的 MCP 特性
+
+- **Tools (工具)**: 提供完整的文件操作、Shell 执行和 LSP（符号/诊断）支持。
+- **Skills (技能)**: 兼容 `SKILL.md` 格式。自动检测并注册 `.staff/skills/`、`.claude/skills/` 等目录下的技能及 Prompts。
+- **MCP 原生支持**: 实现了 `instructions` 机制，为模型自动提供环境感知（OS、Shell、路径规则）及工具调用建议。
+
+### Skill 文件格式 (`SKILL.md`)
+
+```markdown
+---
+name: my-skill
+description: 技能描述
+---
+这里是技能的具体指令...
+```
+
+---
+
+## 💻 跨平台兼容性
+
+`staff-mcp` 自动处理环境差异：
+- **路径**: 根据宿主系统解析 `\` (Windows) 或 `/` (Unix)。
+- **Shell**: Windows 使用 `cmd.exe`，Linux/macOS 使用 `sh`。
+- **换行符**: 文件操作支持 `CRLF` 和 `LF`。
+
+## 🧪 开发
+
+```bash
+npm run dev -- --working-dir ./test-workspace
+```
+
+## 📄 开源协议
+
+MIT

package/dist/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const CHARACTER_LIMIT = 25000;
+export declare const DEFAULT_TIMEOUT = 10000;

package/dist/constants.js

@@ -0,0 +1,3 @@
+export const CHARACTER_LIMIT = 25000;
+export const DEFAULT_TIMEOUT = 10000;
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAC;AACrC,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/index.js

@@ -0,0 +1,26 @@
+import { Command } from "commander";
+import path from "path";
+import { createServer } from "./server.js";
+import { startStdioServer } from "./transports/stdio.js";
+import { startHttpServer } from "./transports/http.js";
+const program = new Command();
+program
+    .name("dev-env-mcp-server")
+    .description("MCP Server with file, shell, and LSP capabilities.")
+    .version("1.0.0")
+    .option("-t, --transport <type>", "Transport type (stdio or http)", "stdio")
+    .option("-p, --port <number>", "Port for HTTP server", "3000")
+    .option("-h, --host <address>", "Host for HTTP server", "127.0.0.1")
+    .option("-d, --allowed-dir <paths...>", "Directories allowed for sandbox", [process.cwd()])
+    .action(async (options) => {
+    const allowedDirs = options.allowedDir.map((d) => path.resolve(d));
+    const server = createServer("dev-env-mcp-server", "1.0.0", allowedDirs);
+    if (options.transport === "http") {
+        await startHttpServer(server, parseInt(options.port, 10), options.host);
+    }
+    else {
+        await startStdioServer(server);
+    }
+});
+program.parse(process.argv);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CAAC,oDAAoD,CAAC;KACjE,OAAO,CAAC,OAAO,CAAC;KAChB,MAAM,CAAC,wBAAwB,EAAE,gCAAgC,EAAE,OAAO,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,CAAC;KAC7D,MAAM,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,WAAW,CAAC;KACnE,MAAM,CAAC,8BAA8B,EAAE,iCAAiC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;KAC1F,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,YAAY,CAAC,oBAAoB,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;IAExE,IAAI,OAAO,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QACjC,MAAM,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,MAAM,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

package/dist/security.d.ts

@@ -0,0 +1,16 @@
+export declare class SecurityManager {
+    private allowedDirs;
+    constructor(allowedDirs: string[]);
+    /**
+     * Resolves a target path and ensures it lies within one of the allowed directories.
+     * @param targetPath The relative or absolute path requested.
+     * @param cwd Optional base directory for resolution (must also be validated if provided).
+     * @returns The absolute, validated path.
+     * @throws Error if the path is outside the allowed sandbox.
+     */
+    resolveAndValidatePath(targetPath: string, cwd?: string): string;
+    /**
+     * Validates if a specific directory is allowed.
+     */
+    validateDirectory(dirPath: string): string;
+}

package/dist/security.js

@@ -0,0 +1,43 @@
+import path from "path";
+export class SecurityManager {
+    allowedDirs;
+    constructor(allowedDirs) {
+        this.allowedDirs = allowedDirs.map(dir => path.resolve(dir));
+    }
+    /**
+     * Resolves a target path and ensures it lies within one of the allowed directories.
+     * @param targetPath The relative or absolute path requested.
+     * @param cwd Optional base directory for resolution (must also be validated if provided).
+     * @returns The absolute, validated path.
+     * @throws Error if the path is outside the allowed sandbox.
+     */
+    resolveAndValidatePath(targetPath, cwd) {
+        const base = cwd ? path.resolve(cwd) : process.cwd();
+        // If cwd is provided, we should probably ensure it's within allowedDirs as well
+        // but typically we resolve target relative to base.
+        const resolvedPath = path.resolve(base, targetPath);
+        const isAllowed = this.allowedDirs.some(allowedDir => {
+            const relative = path.relative(allowedDir, resolvedPath);
+            return !relative.startsWith("..") && !path.isAbsolute(relative);
+        });
+        if (!isAllowed) {
+            throw new Error(`Security Error: Path "${resolvedPath}" is outside the allowed directories.`);
+        }
+        return resolvedPath;
+    }
+    /**
+     * Validates if a specific directory is allowed.
+     */
+    validateDirectory(dirPath) {
+        const resolved = path.resolve(dirPath);
+        const isAllowed = this.allowedDirs.some(allowedDir => {
+            const relative = path.relative(allowedDir, resolved);
+            return !relative.startsWith("..") && !path.isAbsolute(relative);
+        });
+        if (!isAllowed) {
+            throw new Error(`Security Error: Directory "${resolved}" is not in the allowed list.`);
+        }
+        return resolved;
+    }
+}
+//# sourceMappingURL=security.js.map

package/dist/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,OAAO,eAAe;IAClB,WAAW,CAAW;IAE9B,YAAY,WAAqB;QAC/B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED;;;;;;OAMG;IACI,sBAAsB,CAAC,UAAkB,EAAE,GAAY;QAC5D,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QAErD,gFAAgF;QAChF,oDAAoD;QACpD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAEpD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;YACzD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,uCAAuC,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,iBAAiB,CAAC,OAAe;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YACrD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,+BAA+B,CAAC,CAAC;QACzF,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/server.d.ts

@@ -0,0 +1,9 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+/**
+ * Creates and initializes a new McpServer with all tools.
+ * @param name The server's identification name.
+ * @param version The server's version.
+ * @param allowedDirs Directories for the SecurityManager.
+ * @returns An initialized McpServer instance.
+ */
+export declare function createServer(name: string, version: string, allowedDirs: string[]): McpServer;

package/dist/server.js

@@ -0,0 +1,25 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { SecurityManager } from "./security.js";
+import { registerFileTools } from "./tools/file-tools.js";
+import { registerShellTools } from "./tools/shell-tools.js";
+import { registerLspTools } from "./tools/lsp-tools.js";
+/**
+ * Creates and initializes a new McpServer with all tools.
+ * @param name The server's identification name.
+ * @param version The server's version.
+ * @param allowedDirs Directories for the SecurityManager.
+ * @returns An initialized McpServer instance.
+ */
+export function createServer(name, version, allowedDirs) {
+    const server = new McpServer({
+        name,
+        version,
+    });
+    const security = new SecurityManager(allowedDirs);
+    // Register all tool modules
+    registerFileTools(server, security);
+    registerShellTools(server, security);
+    registerLspTools(server, security);
+    return server;
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,OAAe,EAAE,WAAqB;IAC/E,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI;QACJ,OAAO;KACR,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;IAElD,4BAA4B;IAC5B,iBAAiB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACpC,kBAAkB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAEnC,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const CHARACTER_LIMIT = 25000;
+export declare const DEFAULT_TIMEOUT = 10000;

package/dist/src/constants.js

@@ -0,0 +1,3 @@
+export const CHARACTER_LIMIT = 25000;
+export const DEFAULT_TIMEOUT = 10000;
+//# sourceMappingURL=constants.js.map

package/dist/src/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAC;AACrC,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/src/index.js

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import * as path from "path";
+import { createServer } from "./server.js";
+import { startStdioServer } from "./transports/stdio.js";
+import { startHttpServer } from "./transports/http.js";
+const program = new Command();
+program
+    .name("staff-mcp")
+    .description("MCP Server with file, shell, and LSP capabilities.")
+    .version("1.0.0")
+    .option("-t, --transport <type>", "Transport type (stdio or http)", "stdio")
+    .option("-p, --port <number>", "Port for HTTP server", "3000")
+    .option("-h, --host <address>", "Host for HTTP server", "127.0.0.1")
+    .option("-w, --working-dir <path>", "Working directory for the server (defaults to current execution path)", process.cwd())
+    .option("-d, --allowed-dir <paths...>", "Additional directories allowed for sandbox", [])
+    .action(async (options) => {
+    const workingDir = path.resolve(options.workingDir);
+    const allowedDirs = options.allowedDir.map((d) => path.resolve(d));
+    const server = createServer("staff-mcp", "1.0.0", workingDir, allowedDirs);
+    if (options.transport === "http") {
+        await startHttpServer(server, parseInt(options.port, 10), options.host);
+    }
+    else {
+        await startStdioServer(server);
+    }
+});
+program.parse(process.argv);
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,oDAAoD,CAAC;KACjE,OAAO,CAAC,OAAO,CAAC;KAChB,MAAM,CAAC,wBAAwB,EAAE,gCAAgC,EAAE,OAAO,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,CAAC;KAC7D,MAAM,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,WAAW,CAAC;KACnE,MAAM,CAAC,0BAA0B,EAAE,uEAAuE,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KAC1H,MAAM,CAAC,8BAA8B,EAAE,4CAA4C,EAAE,EAAE,CAAC;KACxF,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAE3E,IAAI,OAAO,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;QACjC,MAAM,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,MAAM,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

package/dist/src/security.d.ts

@@ -0,0 +1,21 @@
+export declare class SecurityManager {
+    private allowedDirs;
+    private workingDir;
+    constructor(workingDir: string, allowedDirs?: string[]);
+    /**
+     * Resolves a target path and ensures it lies within one of the allowed directories.
+     * @param targetPath The relative or absolute path requested.
+     * @param cwd Optional base directory for resolution (must also be validated if provided).
+     * @returns The absolute, validated path.
+     * @throws Error if the path is outside the allowed sandbox.
+     */
+    resolveAndValidatePath(targetPath: string, cwd?: string): string;
+    /**
+     * Validates if a specific directory is allowed.
+     */
+    /**
+     * Validates if a specific directory is allowed.
+     */
+    validateDirectory(dirPath: string): string;
+    getAllowedDirs(): string[];
+}

package/dist/src/security.js

@@ -0,0 +1,51 @@
+import * as path from "path";
+export class SecurityManager {
+    allowedDirs;
+    workingDir;
+    constructor(workingDir, allowedDirs = []) {
+        this.workingDir = path.resolve(workingDir);
+        // Working directory is always allowed
+        const resolvedAllowedDirs = allowedDirs.map(dir => path.resolve(dir));
+        this.allowedDirs = Array.from(new Set([this.workingDir, ...resolvedAllowedDirs]));
+    }
+    /**
+     * Resolves a target path and ensures it lies within one of the allowed directories.
+     * @param targetPath The relative or absolute path requested.
+     * @param cwd Optional base directory for resolution (must also be validated if provided).
+     * @returns The absolute, validated path.
+     * @throws Error if the path is outside the allowed sandbox.
+     */
+    resolveAndValidatePath(targetPath, cwd) {
+        const base = cwd ? path.resolve(cwd) : this.workingDir;
+        const resolvedPath = path.resolve(base, targetPath);
+        const isAllowed = this.allowedDirs.some(allowedDir => {
+            const relative = path.relative(allowedDir, resolvedPath);
+            return !relative.startsWith("..") && !path.isAbsolute(relative);
+        });
+        if (!isAllowed) {
+            throw new Error(`Security Error: Path "${resolvedPath}" is outside the allowed directories.`);
+        }
+        return resolvedPath;
+    }
+    /**
+     * Validates if a specific directory is allowed.
+     */
+    /**
+     * Validates if a specific directory is allowed.
+     */
+    validateDirectory(dirPath) {
+        const resolved = path.resolve(this.workingDir, dirPath);
+        const isAllowed = this.allowedDirs.some(allowedDir => {
+            const relative = path.relative(allowedDir, resolved);
+            return !relative.startsWith("..") && !path.isAbsolute(relative);
+        });
+        if (!isAllowed) {
+            throw new Error(`Security Error: Directory "${resolved}" is not in the allowed list.`);
+        }
+        return resolved;
+    }
+    getAllowedDirs() {
+        return [...this.allowedDirs];
+    }
+}
+//# sourceMappingURL=security.js.map

package/dist/src/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/security.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,MAAM,OAAO,eAAe;IAClB,WAAW,CAAW;IACtB,UAAU,CAAS;IAE3B,YAAY,UAAkB,EAAE,cAAwB,EAAE;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC3C,sCAAsC;QACtC,MAAM,mBAAmB,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACtE,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;IACpF,CAAC;IAED;;;;;;OAMG;IACI,sBAAsB,CAAC,UAAkB,EAAE,GAAY;QAC5D,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;QAEvD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAEpD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;YACzD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,uCAAuC,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACH;;OAEG;IACI,iBAAiB,CAAC,OAAe;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YACrD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,+BAA+B,CAAC,CAAC;QACzF,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEM,cAAc;QACnB,OAAO,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;CACF"}

package/dist/src/server.d.ts

@@ -0,0 +1,10 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+/**
+ * Creates and initializes a new McpServer with all functional tools.
+ * @param name The server's identification name.
+ * @param version The server's version.
+ * @param workingDir The working directory for the server.
+ * @param allowedDirs Additional directories for the SecurityManager.
+ * @returns An initialized McpServer instance.
+ */
+export declare function createServer(name: string, version: string, workingDir: string, allowedDirs: string[]): McpServer;

package/dist/src/server.js

@@ -0,0 +1,34 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { SecurityManager } from "./security.js";
+import { registerFileTools } from "./tools/file-tools.js";
+import { registerShellTools } from "./tools/shell-tools.js";
+import { registerLspTools } from "./tools/lsp-tools.js";
+import { registerSkillTools } from "./tools/skill-tools.js";
+import { getMcpInstructions } from "./tools/system-tools.js";
+/**
+ * Creates and initializes a new McpServer with all functional tools.
+ * @param name The server's identification name.
+ * @param version The server's version.
+ * @param workingDir The working directory for the server.
+ * @param allowedDirs Additional directories for the SecurityManager.
+ * @returns An initialized McpServer instance.
+ */
+export function createServer(name, version, workingDir, allowedDirs) {
+    const security = new SecurityManager(workingDir, allowedDirs);
+    // Generate instructions with system-specific details (OS, shell, etc.)
+    const instructions = getMcpInstructions(workingDir, security);
+    const server = new McpServer({
+        name,
+        version,
+    }, {
+        // Pass the instruction string to the initialize response
+        instructions,
+    });
+    // Register all functional tool modules
+    registerFileTools(server, security);
+    registerShellTools(server, security);
+    registerLspTools(server, security);
+    registerSkillTools(server, workingDir, security);
+    return server;
+}
+//# sourceMappingURL=server.js.map

package/dist/src/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,OAAe,EAAE,UAAkB,EAAE,WAAqB;IACnG,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAE9D,uEAAuE;IACvE,MAAM,YAAY,GAAG,kBAAkB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B;QACE,IAAI;QACJ,OAAO;KACR,EACD;QACE,yDAAyD;QACzD,YAAY;KACb,CACF,CAAC;IAEF,uCAAuC;IACvC,iBAAiB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACpC,kBAAkB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACnC,kBAAkB,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAEjD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/tools/file-tools.d.ts

@@ -0,0 +1,6 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { SecurityManager } from "../security.js";
+/**
+ * Registers file-related tools using the latest registerTool API.
+ */
+export declare function registerFileTools(server: McpServer, security: SecurityManager): void;