Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
@master4n/master-cli
Advanced tools
@master4n/master-cli - npm Package Compare versions
| export declare const PROTOCOL_VERSION = "2025-06-18"; | ||
| /** Serve until stdin closes (client disconnect). Never returns. */ | ||
| /** | ||
| * Serve until stdin closes (client disconnect). Never returns. | ||
| * | ||
| * Requests are handled CONCURRENTLY: a slow tool call (`wait`, a long `http` | ||
| * probe) must not block `ping` or other calls behind it. JSON-RPC clients | ||
| * correlate responses by id, so out-of-order replies are fine; each reply is | ||
| * one atomic write, so concurrent lines never interleave. | ||
| */ | ||
| export declare function serveMcp(): Promise<never>; |
+2
-1
@@ -17,3 +17,4 @@ # @master4n/master-cli (`mfn`) | ||
| Protocol (stdio) for MCP-only clients — tools `mfn_capabilities`, `mfn_run` | ||
| `{command, args[]}`, `mfn_help`; `update` is deny-listed. Client config: | ||
| `{command, args[]}`, `mfn_help`; `update` is deny-listed. Requests are handled | ||
| concurrently (a slow `wait` never blocks `ping`). Client config: | ||
| `{ "command": "npx", "args": ["-y", "@master4n/master-cli", "mcp"] }`. | ||
@@ -20,0 +21,0 @@ `mfn mcp --json` describes the server without starting it. |
+1
-1
| { | ||
| "name": "@master4n/master-cli", | ||
| "version": "3.0.4", | ||
| "version": "3.0.5", | ||
| "description": "AI-agent-friendly command-line toolkit: timestamp/date conversion, JWT decoding, port killing, file finding, and directory trees — headless, --json, with a self-describing manifest and a built-in MCP server (mfn mcp).", | ||
@@ -5,0 +5,0 @@ "type": "module", |
+1
-1
@@ -43,3 +43,3 @@ # Security Policy | ||
| | **Clipboard secret redaction** | `clip` (read) | Passwords/tokens pasted through the clipboard (password managers). Secret-shaped content (private-key blocks, JWTs, AWS/GitHub/Slack/Google/npm/`sk-` tokens) is withheld with `redacted:true`. | | ||
| | **Env value scanning** | `env` | Redacts by NAME pattern (key/token/secret/…) **and** by VALUE shape — an innocently named variable holding a JWT is still redacted. `mfn env` with no names lists names only. | | ||
| | **Env value scanning** | `env` | Redacts by NAME pattern (key/token/secret/…) **and** by VALUE shape — an innocently named variable holding a JWT is still redacted. The mask is uniform (`••••` + length): no prefix/suffix characters are ever revealed. `mfn env` with no names lists names only. | | ||
| | **Dotenv never reads values** | `dotenv` | Compares KEY presence between `.env` and `.env.example`; values are never parsed, stored, or returned. | | ||
@@ -46,0 +46,0 @@ | **Cloud-metadata block** (`BlockedTarget`, exit 2) | `http` `wait -u` | SSRF credential theft via `169.254.169.254`, `metadata.google.internal`, Alibaba/AWS v6 endpoints. Localhost stays allowed — probing your own dev server is the point. | |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
No alert changes
Improved metrics
- Total package byte prevSize
396729
0.17%- Lines of code
1247
0.65%No dependency changes