npm - vexp-mcp - Versions diffs - 2.0.11 → 2.0.12 - Mend

vexp-mcp 2.0.11 → 2.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/daemon-client.js CHANGED Viewed

@@ -307,7 +307,7 @@ function binaryEnvFor(binaryPath) {
     return env;
 }
 /** FNV-1a 64-bit hash — must match vexp-core/src/utils.rs md5_hash() */
-function fnvHash(input) {
+export function fnvHash(input) {
     let hash = BigInt("0xcbf29ce484222325");
     const prime = BigInt("0x100000001b3");
     const mask = BigInt("0xffffffffffffffff");
@@ -470,6 +470,41 @@ function getDefaultSocketPath() {
     return path.join(workspaceRoot, ".vexp", "daemon.sock");
 }
 export { discoverWorkspaceRoot };
+/**
+ * Reverse lookup: given the first 8 hex chars of fnvHash(workspaceRoot),
+ * return the socket path of the matching daemon from the registry.
+ *
+ * Used by the HTTP MCP transport to route /ws/:hash/mcp requests to the
+ * correct daemon. Returns null if no registry entry matches or the socket
+ * file is gone (stale entry).
+ */
+export function resolveSocketByWorkspaceHash(hashPrefix) {
+    const home = process.env.HOME ?? process.env.USERPROFILE ?? "";
+    if (!home)
+        return null;
+    const registryPath = path.join(home, ".vexp", "daemons.json");
+    let registry;
+    try {
+        registry = JSON.parse(fs.readFileSync(registryPath, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+    const target = hashPrefix.toLowerCase();
+    for (const [ws, sock] of Object.entries(registry)) {
+        const hash = fnvHash(ws.toLowerCase()).slice(0, 8);
+        if (hash !== target)
+            continue;
+        if (process.platform === "win32")
+            return sock;
+        try {
+            if (fs.statSync(sock).isSocket())
+                return sock;
+        }
+        catch { /* stale */ }
+    }
+    return null;
+}
 /** Human-friendly hint printed when a connection attempt fails — enumerates
  *  what we tried to make the failure actionable instead of misleading. */
 function daemonRunHint() {

package/dist/index.js CHANGED Viewed

@@ -7,7 +7,7 @@ import { createServer } from "http";
 import { randomUUID } from "crypto";
 import fs from "fs";
 import path from "path";
-import { DaemonClient } from "./daemon-client.js";
+import { DaemonClient, resolveSocketByWorkspaceHash } from "./daemon-client.js";
 import { GET_CONTEXT_CAPSULE_DEFINITION, handleGetContextCapsule, } from "./tools/get-context-capsule.js";
 import { GET_IMPACT_GRAPH_DEFINITION, handleGetImpactGraph, } from "./tools/get-impact-graph.js";
 import { SEARCH_LOGIC_FLOW_DEFINITION, handleSearchLogicFlow, } from "./tools/search-logic-flow.js";
@@ -168,9 +168,11 @@ function resolveToken() {
     }
     return token;
 }
-async function startHttp(daemon, port) {
+async function startHttp(fallbackDaemon, port) {
     const app = express();
     app.use(express.json());
+    // Sessions are keyed per-workspace so different workspaces cannot leak
+    // transports into each other's streams.
     const transports = new Map();
     const bearerToken = resolveToken();
     // CORS preflight
@@ -180,38 +182,35 @@ async function startHttp(daemon, port) {
         res.setHeader("Access-Control-Allow-Headers", "Content-Type, mcp-session-id, Authorization");
         res.status(204).send();
     });
-    // Bearer token auth middleware — protects /mcp, skips /health and OPTIONS
-    app.use("/mcp", (req, res, next) => {
+    // Bearer token auth middleware — protects all /mcp and /ws/*/mcp paths.
+    const authGuard = (req, res, next) => {
         const authHeader = req.headers.authorization;
         if (!authHeader || authHeader !== `Bearer ${bearerToken}`) {
             res.status(401).json({ error: "Unauthorized", message: "Missing or invalid Bearer token" });
             return;
         }
         next();
-    });
-    // Single MCP endpoint — handles initialize (POST without session ID),
-    // subsequent JSON-RPC requests, and GET for SSE notification streams.
-    app.all("/mcp", async (req, res) => {
+    };
+    app.use("/mcp", authGuard);
+    app.use("/ws", authGuard);
+    const handleMcpRequest = async (req, res, hash, daemon) => {
         res.setHeader("Access-Control-Allow-Origin", "*");
         const sessionId = req.headers["mcp-session-id"];
         if (sessionId) {
-            const transport = transports.get(sessionId);
-            if (!transport) {
-                // Session lost (server restart, transport closed) — create a new one
-                // instead of returning 404, so the client transparently reconnects.
-                console.error(`[vexp-mcp] Session ${sessionId} not found — creating new transport`);
-                // Fall through to the "new session" code below
-            }
-            else {
-                await transport.handleRequest(req, res, req.body);
+            const entry = transports.get(sessionId);
+            if (entry && entry.hash === hash) {
+                await entry.transport.handleRequest(req, res, req.body);
                 return;
             }
+            // Session unknown or mismatched workspace — create a new one.
+            if (entry && entry.hash !== hash) {
+                console.error(`[vexp-mcp] Session ${sessionId} reused across workspaces (${entry.hash} → ${hash}); issuing new session`);
+            }
         }
-        // No session ID → new client initializing
         const transport = new StreamableHTTPServerTransport({
             sessionIdGenerator: () => randomUUID(),
             onsessioninitialized: (sid) => {
-                transports.set(sid, transport);
+                transports.set(sid, { transport, hash });
             },
         });
         transport.onclose = () => {
@@ -221,11 +220,35 @@ async function startHttp(daemon, port) {
         const server = createMcpServer(daemon);
         await server.connect(transport);
         await transport.handleRequest(req, res, req.body);
+    };
+    // New canonical route: /ws/:hash/mcp — hash is first 8 hex chars of
+    // fnvHash(workspaceRoot.toLowerCase()). Each request gets a DaemonClient
+    // pinned to the matching socket from ~/.vexp/daemons.json, so multiple
+    // workspaces do not contaminate each other's results.
+    app.all("/ws/:hash/mcp", async (req, res) => {
+        const { hash } = req.params;
+        const socketPath = resolveSocketByWorkspaceHash(hash);
+        if (!socketPath) {
+            res.status(503).json({
+                error: "NoDaemon",
+                message: `No running daemon matches workspace hash ${hash}. Run 'vexp setup' or 'vexp daemon-cmd start' in the project.`,
+            });
+            return;
+        }
+        const daemon = new DaemonClient(socketPath);
+        await handleMcpRequest(req, res, hash, daemon);
+    });
+    // Legacy route — kept for backward compat. Uses the fallback daemon,
+    // which resolves via registry at request time and returns the single
+    // entry if only one workspace is active. Multi-workspace setups should
+    // migrate to /ws/:hash/mcp via the next `vexp setup`.
+    app.all("/mcp", async (req, res) => {
+        await handleMcpRequest(req, res, "_legacy", fallbackDaemon);
     });
-    // Health check
+    // Health check — uses fallback daemon (single-workspace registry lookup).
     app.get("/health", async (_req, res) => {
         try {
-            const healthy = await daemon.health();
+            const healthy = await fallbackDaemon.health();
             res.json({ status: healthy ? "ok" : "daemon_down", sessions: transports.size });
         }
         catch {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vexp-mcp",
-  "version": "2.0.11",
+  "version": "2.0.12",
   "description": "vexp MCP server — AI context tools for coding agents",
   "type": "module",
   "main": "dist/index.js",