xlsx-for-ai 2.0.0-beta.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -0
- package/index.js +9 -1
- package/lib/client.js +6 -0
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -251,6 +251,19 @@ xlsx-for-ai --disable-telemetry
|
|
|
251
251
|
xlsx-for-ai --telemetry-status
|
|
252
252
|
```
|
|
253
253
|
|
|
254
|
+
**Privacy strict mode** — prevents error-triggered capture of your workbook bytes (see [PRIVACY.md](PRIVACY.md)):
|
|
255
|
+
|
|
256
|
+
```bash
|
|
257
|
+
# Per-session flag (applies to all tool calls in the CLI invocation)
|
|
258
|
+
xlsx-for-ai --privacy=strict myfile.xlsx
|
|
259
|
+
|
|
260
|
+
# Environment variable (applies globally to all requests in the process)
|
|
261
|
+
XFA_PRIVACY=strict xlsx-for-ai myfile.xlsx
|
|
262
|
+
|
|
263
|
+
# In MCP server config (applies to all tool calls from the MCP server):
|
|
264
|
+
# Set XFA_PRIVACY=strict in your MCP server's env block
|
|
265
|
+
```
|
|
266
|
+
|
|
254
267
|
Delete the config to reset your client ID and API key:
|
|
255
268
|
|
|
256
269
|
```bash
|
package/index.js
CHANGED
|
@@ -31,7 +31,8 @@ const {
|
|
|
31
31
|
|
|
32
32
|
function parseArgs(argv) {
|
|
33
33
|
const opts = { file: null, format: 'text', sheet: null, evaluate: false,
|
|
34
|
-
telemetryStatus: false, enableTelemetry: false, disableTelemetry: false
|
|
34
|
+
telemetryStatus: false, enableTelemetry: false, disableTelemetry: false,
|
|
35
|
+
privacyStrict: false };
|
|
35
36
|
let i = 0;
|
|
36
37
|
while (i < argv.length) {
|
|
37
38
|
const a = argv[i];
|
|
@@ -42,6 +43,7 @@ function parseArgs(argv) {
|
|
|
42
43
|
else if (a === '--telemetry-status') opts.telemetryStatus = true;
|
|
43
44
|
else if (a === '--enable-telemetry') opts.enableTelemetry = true;
|
|
44
45
|
else if (a === '--disable-telemetry') opts.disableTelemetry = true;
|
|
46
|
+
else if (a === '--privacy=strict') opts.privacyStrict = true;
|
|
45
47
|
else if (!a.startsWith('--')) opts.file = a;
|
|
46
48
|
i++;
|
|
47
49
|
}
|
|
@@ -72,6 +74,12 @@ async function main() {
|
|
|
72
74
|
|
|
73
75
|
await ensureRegistered();
|
|
74
76
|
|
|
77
|
+
// Privacy strict: --privacy=strict flag sets the env var for this process
|
|
78
|
+
// so callTool() (which reads XFA_PRIVACY) adds the header automatically.
|
|
79
|
+
if (opts.privacyStrict) {
|
|
80
|
+
process.env.XFA_PRIVACY = 'strict';
|
|
81
|
+
}
|
|
82
|
+
|
|
75
83
|
const fileB64 = fs.readFileSync(absPath).toString('base64');
|
|
76
84
|
// Server format enum is 'md' | 'json' | 'sql'. The legacy CLI default 'text'
|
|
77
85
|
// maps to the server's default (md). Don't send 'text' — server rejects it.
|
package/lib/client.js
CHANGED
|
@@ -39,6 +39,12 @@ async function post(path, body, opts = {}) {
|
|
|
39
39
|
if (cfg && cfg.api_key) headers['Authorization'] = `Bearer ${cfg.api_key}`;
|
|
40
40
|
}
|
|
41
41
|
|
|
42
|
+
// Privacy opt-out: XFA_PRIVACY=strict env var (or per-call override) adds
|
|
43
|
+
// X-XFA-Privacy: strict to every request, preventing error-triggered capture.
|
|
44
|
+
if (process.env.XFA_PRIVACY === 'strict' || opts.privacyStrict) {
|
|
45
|
+
headers['X-XFA-Privacy'] = 'strict';
|
|
46
|
+
}
|
|
47
|
+
|
|
42
48
|
let res;
|
|
43
49
|
try {
|
|
44
50
|
res = await fetchWithTimeout(url, {
|
package/package.json
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "xlsx-for-ai",
|
|
3
|
-
"
|
|
3
|
+
"mcpName": "io.github.senoff/xlsx-for-ai",
|
|
4
|
+
"version": "2.0.0",
|
|
4
5
|
"description": "The MCP server that makes LLMs reliable on real-world Excel spreadsheets. Thin npm client over a hosted API — read, write, diff, redact, and supervise .xlsx files from any MCP-aware agent.",
|
|
5
6
|
"main": "index.js",
|
|
6
7
|
"bin": {
|