Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement ā
mcp-code-context
Advanced tools
mcp-code-context - npm Package Compare versions
| import fs from 'node:fs'; | ||
| import path from 'node:path'; | ||
| /** | ||
| * Universal Version Replacer - v1.0.0 | ||
| * Usage: node scripts/replace-version.js <oldVersion> <newVersion> | ||
| */ | ||
| const [,, oldVersion, newVersion] = process.argv; | ||
| if (!oldVersion || !newVersion) { | ||
| console.error('Usage: node scripts/replace-version.js <oldVersion> <newVersion>'); | ||
| console.error('Example: node scripts/replace-version.js 3.4.0 3.4.1'); | ||
| process.exit(1); | ||
| } | ||
| const root = process.cwd(); | ||
| const oldRegex = new RegExp(oldVersion.replace(/\./g, '\\.'), 'g'); | ||
| console.log(`š Starting global replace: ${oldVersion} -> ${newVersion}`); | ||
| function walk(dir) { | ||
| const files = fs.readdirSync(dir); | ||
| for (const file of files) { | ||
| const fullPath = path.join(dir, file); | ||
| // Safety boundaries | ||
| if (fullPath.includes('.git') || | ||
| fullPath.includes('node_modules') || | ||
| fullPath.includes('scripts') || | ||
| file === 'stderr.txt' || | ||
| file === 'stdout.txt') continue; | ||
| const stat = fs.statSync(fullPath); | ||
| if (stat.isDirectory()) { | ||
| walk(fullPath); | ||
| } else { | ||
| // Process only relevant text files | ||
| const ext = path.extname(file).toLowerCase(); | ||
| const textExtensions = ['.ts', '.js', '.json', '.md', '.txt', '.d.ts', '.map']; | ||
| if (textExtensions.includes(ext) || file.endsWith('.d.ts')) { | ||
| try { | ||
| const content = fs.readFileSync(fullPath, 'utf8'); | ||
| if (content.includes(oldVersion)) { | ||
| const updated = content.replace(oldRegex, newVersion); | ||
| fs.writeFileSync(fullPath, updated, 'utf8'); | ||
| console.log(`ā Updated: ${fullPath}`); | ||
| } | ||
| } catch (err) { | ||
| console.warn(`ā ļø Skipped ${fullPath}: ${err.message}`); | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| walk(root); | ||
| console.log('āØ Version update complete.'); |
@@ -254,3 +254,3 @@ # Changelog v3.3.0 - Production Hardening | ||
| ## š Next Steps (v3.4.0) | ||
| ## š Next Steps (v3.4.1) | ||
@@ -257,0 +257,0 @@ - [ ] Streaming for files >10MB |
+3
-3
| # Changelog | ||
| ## [3.4.0] - 2026-04-24 | ||
| ## [3.4.1] - 2026-04-24 | ||
@@ -33,3 +33,3 @@ ### š PRODUCTION HARDENING - Security & Infrastructure Complete | ||
| - **Parsers**: Removed 300+ lines of duplicated replaceSymbol code | ||
| - **Version**: Synchronized all version strings to 3.4.0 | ||
| - **Version**: Synchronized all version strings to 3.4.1 | ||
@@ -53,3 +53,3 @@ ### Performance | ||
| - ā All file lock tests passing | ||
| - ā All v3.4.0 feature tests passing | ||
| - ā All v3.4.1 feature tests passing | ||
| - ā TypeScript: 0 compilation errors | ||
@@ -56,0 +56,0 @@ - ā Build: Clean production dist |
| /** | ||
| * Core Engine - v3.4.0 | ||
| * Core Engine - v3.4.1 | ||
| * ASYNC I/O: Migrated to fs.promises | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Core Engine - v3.4.0 | ||
| * Core Engine - v3.4.1 | ||
| * ASYNC I/O: Migrated to fs.promises | ||
@@ -10,2 +10,3 @@ */ | ||
| import { dirname } from "path"; | ||
| import { createRequire } from "node:module"; | ||
| export class CodeContextEngine { | ||
@@ -43,2 +44,11 @@ config; | ||
| ]; | ||
| // 4. Robust Node.js module resolution (handles npx hoisting and global installs) | ||
| try { | ||
| const require = createRequire(import.meta.url); | ||
| const pkgPath = require.resolve("tree-sitter-wasms/package.json"); | ||
| possiblePaths.unshift(path.join(path.dirname(pkgPath), "out", wasmFile)); | ||
| } | ||
| catch { | ||
| // Ignore resolution errors, fallback to manual paths | ||
| } | ||
| let wasmPath = null; | ||
@@ -45,0 +55,0 @@ for (const p of possiblePaths) { |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../src/core/engine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAO/B,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAAe;IACrB,WAAW,GAAY,KAAK,CAAC;IAC7B,MAAM,GAAkB,IAAI,CAAC;IAC7B,SAAS,GAA0B,IAAI,GAAG,EAAE,CAAC;IAErD,YAAY,SAAuB,EAAE;QACnC,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC;YAC1C,YAAY,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI;YAC/B,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QAEpB,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY;QAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,QAAQ,GAAG,eAAe,IAAI,OAAO,CAAC;QAE5C,MAAM,aAAa,GAAG;YACpB,kDAAkD;YAClD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,EAAE,QAAQ,CAAC;YACpH,wDAAwD;YACxD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,EAAE,QAAQ,CAAC;YAC1H,+BAA+B;YAC/B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,EAAE,QAAQ,CAAC;SAC/E,CAAC;QAEF,IAAI,QAAQ,GAAkB,IAAI,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACnB,QAAQ,GAAG,CAAC,CAAC;gBACb,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,0BAA0B;QAC1B,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,MAAM,EAAE,CAAC;IACtB,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF"} | ||
| {"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../src/core/engine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAO5C,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAAe;IACrB,WAAW,GAAY,KAAK,CAAC;IAC7B,MAAM,GAAkB,IAAI,CAAC;IAC7B,SAAS,GAA0B,IAAI,GAAG,EAAE,CAAC;IAErD,YAAY,SAAuB,EAAE;QACnC,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC;YAC1C,YAAY,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI;YAC/B,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QAEpB,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY;QAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,QAAQ,GAAG,eAAe,IAAI,OAAO,CAAC;QAE5C,MAAM,aAAa,GAAG;YACpB,kDAAkD;YAClD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,EAAE,QAAQ,CAAC;YACpH,wDAAwD;YACxD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,EAAE,QAAQ,CAAC;YAC1H,+BAA+B;YAC/B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,EAAE,QAAQ,CAAC;SAC/E,CAAC;QAEF,iFAAiF;QACjF,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC;YAClE,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC3E,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;QACvD,CAAC;QAED,IAAI,QAAQ,GAAkB,IAAI,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACnB,QAAQ,GAAG,CAAC,CAAC;gBACb,MAAM;YACR,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,0BAA0B;QAC1B,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,MAAM,EAAE,CAAC;IACtB,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF"} |
| /** | ||
| * Security Validator - v3.4.0 | ||
| * Security Validator - v3.4.1 | ||
| * CRITICAL FIX: Path traversal check AFTER normalization | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Security Validator - v3.4.0 | ||
| * Security Validator - v3.4.1 | ||
| * CRITICAL FIX: Path traversal check AFTER normalization | ||
@@ -4,0 +4,0 @@ */ |
| #!/usr/bin/env node | ||
| /** | ||
| * mcp-code-context v3.4.0 - Tree-sitter WASM Edition | ||
| * mcp-code-context v3.4.1 - Tree-sitter WASM Edition | ||
| * | ||
@@ -5,0 +5,0 @@ * Production-ready with: |
| #!/usr/bin/env node | ||
| /** | ||
| * mcp-code-context v3.4.0 - Tree-sitter WASM Edition | ||
| * mcp-code-context v3.4.1 - Tree-sitter WASM Edition | ||
| * | ||
@@ -31,3 +31,3 @@ * Production-ready with: | ||
| const SERVER_NAME = "mcp-code-context"; | ||
| const SERVER_VERSION = "3.4.0"; | ||
| const SERVER_VERSION = "3.4.1"; | ||
| // Global instances | ||
@@ -34,0 +34,0 @@ let engine; |
| /** | ||
| * Semantic Compression - v3.4.0 | ||
| * Semantic Compression - v3.4.1 | ||
| * IMPROVEMENTS: Centralized constants + size limits + timeout | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Semantic Compression - v3.4.0 | ||
| * Semantic Compression - v3.4.1 | ||
| * IMPROVEMENTS: Centralized constants + size limits + timeout | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Confirmation Store - v3.4.0 | ||
| * Confirmation Store - v3.4.1 | ||
| * Two-phase write: dry-run preview ā confirm with token | ||
@@ -4,0 +4,0 @@ * Stores pending write operations with auto-expiry |
| /** | ||
| * Confirmation Store - v3.4.0 | ||
| * Confirmation Store - v3.4.1 | ||
| * Two-phase write: dry-run preview ā confirm with token | ||
@@ -4,0 +4,0 @@ * Stores pending write operations with auto-expiry |
| /** | ||
| * Read Operations - v3.4.0 | ||
| * Read Operations - v3.4.1 | ||
| * FIXES: extractSymbol args, safe regex in readLines, forEach+async ā for...of | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Read Operations - v3.4.0 | ||
| * Read Operations - v3.4.1 | ||
| * FIXES: extractSymbol args, safe regex in readLines, forEach+async ā for...of | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Write Operations - v3.4.0 | ||
| * Write Operations - v3.4.1 | ||
| * FIXES: SecurityValidator in renameSymbol, atomic writes, AST-based positioning | ||
@@ -50,3 +50,3 @@ */ | ||
| * Rename symbol using AST-aware replacement | ||
| * v3.4.0 - SECURITY FIX: Validates all paths + uses atomic writes | ||
| * v3.4.1 - SECURITY FIX: Validates all paths + uses atomic writes | ||
| */ | ||
@@ -53,0 +53,0 @@ export declare function renameSymbol(params: { |
| /** | ||
| * Write Operations - v3.4.0 | ||
| * Write Operations - v3.4.1 | ||
| * FIXES: SecurityValidator in renameSymbol, atomic writes, AST-based positioning | ||
@@ -166,3 +166,3 @@ */ | ||
| * Rename symbol using AST-aware replacement | ||
| * v3.4.0 - SECURITY FIX: Validates all paths + uses atomic writes | ||
| * v3.4.1 - SECURITY FIX: Validates all paths + uses atomic writes | ||
| */ | ||
@@ -169,0 +169,0 @@ export async function renameSymbol(params) { |
| /** | ||
| * Base Parser - v3.4.0 | ||
| * Base Parser - v3.4.1 | ||
| * Abstract base for all language parsers | ||
@@ -4,0 +4,0 @@ * IMPROVEMENT: replaceSymbol moved here using AST indices (eliminates indexOf fragility) |
| /** | ||
| * Base Parser - v3.4.0 | ||
| * Base Parser - v3.4.1 | ||
| * Abstract base for all language parsers | ||
@@ -4,0 +4,0 @@ * IMPROVEMENT: replaceSymbol moved here using AST indices (eliminates indexOf fragility) |
| /** | ||
| * Dart Tree-sitter Parser - v3.4.0 | ||
| * Dart Tree-sitter Parser - v3.4.1 | ||
| * 100% AST accuracy via WASM | ||
@@ -4,0 +4,0 @@ * CLEANUP: replaceSymbol removed (inherited from BaseParser) |
| /** | ||
| * Dart Tree-sitter Parser - v3.4.0 | ||
| * Dart Tree-sitter Parser - v3.4.1 | ||
| * 100% AST accuracy via WASM | ||
@@ -4,0 +4,0 @@ * CLEANUP: replaceSymbol removed (inherited from BaseParser) |
| /** | ||
| * PHP Parser - v3.4.0 | ||
| * PHP Parser - v3.4.1 | ||
| * CLEANUP: replaceSymbol removed (inherited from BaseParser) | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * PHP Parser - v3.4.0 | ||
| * PHP Parser - v3.4.1 | ||
| * CLEANUP: replaceSymbol removed (inherited from BaseParser) | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Python Parser - v3.4.0 | ||
| * Python Parser - v3.4.1 | ||
| * CLEANUP: replaceSymbol removed (inherited from BaseParser) | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Python Parser - v3.4.0 | ||
| * Python Parser - v3.4.1 | ||
| * CLEANUP: replaceSymbol removed (inherited from BaseParser) | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Parser Registry - v3.4.0 | ||
| * Parser Registry - v3.4.1 | ||
| * Manages all language parsers | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Parser Registry - v3.4.0 | ||
| * Parser Registry - v3.4.1 | ||
| * Manages all language parsers | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * TypeScript Parser - v3.4.0 | ||
| * TypeScript Parser - v3.4.1 | ||
| * Tree-sitter based TS/JS parser | ||
@@ -4,0 +4,0 @@ * CLEANUP: replaceSymbol removed (inherited from BaseParser) |
| /** | ||
| * TypeScript Parser - v3.4.0 | ||
| * TypeScript Parser - v3.4.1 | ||
| * Tree-sitter based TS/JS parser | ||
@@ -4,0 +4,0 @@ * CLEANUP: replaceSymbol removed (inherited from BaseParser) |
| /** | ||
| * Audit Logger - v3.4.0 | ||
| * Audit Logger - v3.4.1 | ||
| * Comprehensive audit trail for all operations | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Audit Logger - v3.4.0 | ||
| * Audit Logger - v3.4.1 | ||
| * Comprehensive audit trail for all operations | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Backup Manager - v3.4.0 | ||
| * Backup Manager - v3.4.1 | ||
| * Handles rolling backups for file modifications | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Backup Manager - v3.4.0 | ||
| * Backup Manager - v3.4.1 | ||
| * Handles rolling backups for file modifications | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Constants - Centralized configuration | ||
| * v3.4.0 | ||
| * v3.4.1 | ||
| */ | ||
@@ -5,0 +5,0 @@ export declare const EXCLUDE_DIRS: string[]; |
| /** | ||
| * Constants - Centralized configuration | ||
| * v3.4.0 | ||
| * v3.4.1 | ||
| */ | ||
@@ -5,0 +5,0 @@ export const EXCLUDE_DIRS = [ |
| /** | ||
| * Diff Engine - v3.4.0 | ||
| * Diff Engine - v3.4.1 | ||
| * LCS-based unified diff with memory safety cap | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Diff Engine - v3.4.0 | ||
| * Diff Engine - v3.4.1 | ||
| * LCS-based unified diff with memory safety cap | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * File Lock Manager - v3.4.0 | ||
| * File Lock Manager - v3.4.1 | ||
| * Prevents concurrent writes to same file | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * File Lock Manager - v3.4.0 | ||
| * File Lock Manager - v3.4.1 | ||
| * Prevents concurrent writes to same file | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Rate Limiter - v3.4.0 | ||
| * Rate Limiter - v3.4.1 | ||
| * Token bucket algorithm for DoS protection | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Rate Limiter - v3.4.0 | ||
| * Rate Limiter - v3.4.1 | ||
| * Token bucket algorithm for DoS protection | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Safe Regex - v3.4.0 | ||
| * Safe Regex - v3.4.1 | ||
| * Regex execution with timeout to prevent ReDoS | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Safe Regex - v3.4.0 | ||
| * Safe Regex - v3.4.1 | ||
| * Regex execution with timeout to prevent ReDoS | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * File Streaming - v3.4.0 | ||
| * File Streaming - v3.4.1 | ||
| * Stream large files in chunks to avoid memory exhaustion | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * File Streaming - v3.4.0 | ||
| * File Streaming - v3.4.1 | ||
| * Stream large files in chunks to avoid memory exhaustion | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Telemetry - v3.4.0 | ||
| * Telemetry - v3.4.1 | ||
| * Metrics collection and monitoring | ||
@@ -4,0 +4,0 @@ */ |
| /** | ||
| * Telemetry - v3.4.0 | ||
| * Telemetry - v3.4.1 | ||
| * Metrics collection and monitoring | ||
@@ -4,0 +4,0 @@ */ |
+5
-5
@@ -1,6 +0,6 @@ | ||
| # mcp-code-context v3.4.0 | ||
| # mcp-code-context v3.4.1 | ||
| > A Model Context Protocol (MCP) server with **Tree-sitter WASM parsers** for 100% AST accuracy. Zero native dependencies. Production-ready with middleware pipeline. | ||
| ## What's New in v3.4.0 | ||
| ## What's New in v3.4.1 | ||
@@ -145,3 +145,3 @@ š **Production Hardening**: | ||
| ### Write Tools (v3.4.0 Two-Phase Workflow) | ||
| ### Write Tools (v3.4.1 Two-Phase Workflow) | ||
@@ -152,3 +152,3 @@ All write tools follow a **Two-Phase Workflow**: | ||
| **Important Notes (v3.4.0):** | ||
| **Important Notes (v3.4.1):** | ||
| - ā **Windows CRLF Support**: Fully resolved. All operations work correctly on Windows files with CRLF line endings. | ||
@@ -241,3 +241,3 @@ - ā **Parameter Brace Handling**: Methods with braces in parameters (e.g., `{int? cart}`) are now handled correctly. | ||
| ### Additional Tools (v3.4.0) | ||
| ### Additional Tools (v3.4.1) | ||
@@ -244,0 +244,0 @@ #### 11. `parse_file` |
+1
-1
| { | ||
| "name": "mcp-code-context", | ||
| "version": "3.4.0", | ||
| "version": "3.4.1", | ||
| "description": "Powerful MCP server with Tree-sitter WASM parsers for 100% AST accuracy. Zero native dependencies. Production-ready with streaming, telemetry, audit logging, rate limiting, file locking, and ReDoS protection. Supports TypeScript, JavaScript, PHP, Dart, and Python.", | ||
@@ -5,0 +5,0 @@ "type": "module", |
+14
-14
@@ -1,4 +0,4 @@ | ||
| # Security Policy - mcp-code-context v3.4.0 | ||
| # Security Policy - mcp-code-context v3.4.1 | ||
| ## š Security Improvements in v3.4.0 | ||
| ## š Security Improvements in v3.4.1 | ||
@@ -13,7 +13,7 @@ This release addresses **all critical security vulnerabilities** from comprehensive adversarial audit, implements full middleware pipeline, and hardens all 13 tool handlers. | ||
| **CVSS Score**: 8.1 (High) | ||
| **Status**: ā FIXED in v3.2.0, **hardened in v3.4.0** | ||
| **Status**: ā FIXED in v3.2.0, **hardened in v3.4.1** | ||
| **Description**: Path traversal check occurred BEFORE path normalization, allowing bypass with absolute paths. | ||
| **Fix**: Check boundary AFTER `path.resolve()` normalization. In v3.4.0, **all 13 handlers** now require `projectRoot` and validate via `SecurityValidator`. | ||
| **Fix**: Check boundary AFTER `path.resolve()` normalization. In v3.4.1, **all 13 handlers** now require `projectRoot` and validate via `SecurityValidator`. | ||
@@ -44,3 +44,3 @@ --- | ||
| **CVSS Score**: 5.3 (Medium) | ||
| **Status**: ā FIXED in v3.4.0 | ||
| **Status**: ā FIXED in v3.4.1 | ||
@@ -63,3 +63,3 @@ **Description**: User-provided regex patterns could cause catastrophic backtracking. | ||
| **CVSS Score**: 9.0 (Critical) | ||
| **Status**: ā FIXED in v3.4.0 | ||
| **Status**: ā FIXED in v3.4.1 | ||
@@ -74,3 +74,3 @@ **Description**: `read.ts` passed `content` as `symbolName` and real `symbolName` as `className`. Symbol extraction was 100% broken. | ||
| **CVSS Score**: 8.5 (High) | ||
| **Status**: ā FIXED in v3.4.0 | ||
| **Status**: ā FIXED in v3.4.1 | ||
@@ -85,3 +85,3 @@ **Description**: `readLines`, `searchPattern`, `analyzeImpact`, `getSemanticRepoMap` had no path boundary check. | ||
| **CVSS Score**: 8.0 (High) | ||
| **Status**: ā FIXED in v3.4.0 | ||
| **Status**: ā FIXED in v3.4.1 | ||
@@ -96,3 +96,3 @@ **Description**: `renameSymbol` wrote dependent files without SecurityValidator check, using non-atomic writes. | ||
| **CVSS Score**: 5.0 (Medium) | ||
| **Status**: ā FIXED in v3.4.0 | ||
| **Status**: ā FIXED in v3.4.1 | ||
@@ -110,7 +110,7 @@ **Description**: LCS diff algorithm is O(nĀ²) memory ā 10K-line files cause OOM. | ||
| 1. **Input Validation** | ||
| - Path boundary enforcement on ALL handlers (v3.4.0) | ||
| - Path boundary enforcement on ALL handlers (v3.4.1) | ||
| - File size limits (10MB per file, 50MB total) | ||
| - Regex sanitization + timeout (1s limit) | ||
| 2. **Two-Phase Write Workflow** (v3.4.0) | ||
| 2. **Two-Phase Write Workflow** (v3.4.1) | ||
| - Phase 1: Dry-run returns diff + confirmation token | ||
@@ -120,3 +120,3 @@ - Phase 2: Apply with token (5-minute expiry) | ||
| 3. **Middleware Pipeline** (v3.4.0) | ||
| 3. **Middleware Pipeline** (v3.4.1) | ||
| - Rate limiting (token bucket per operation) | ||
@@ -171,3 +171,3 @@ - File locking (prevents concurrent writes) | ||
| ### v3.4.0 ā | ||
| ### v3.4.1 ā | ||
| - [x] Regex timeout enforcement (safeRegexTest) | ||
@@ -186,2 +186,2 @@ - [x] Rate limiting (token bucket) | ||
| **Last Updated**: 2026-04-24 | ||
| **Version**: 3.4.0 | ||
| **Version**: 3.4.1 |
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
294936
1.13%- Number of package files
75
1.35%- Lines of code
3948
1.52%- Number of medium supply chain risk alerts
0
-100%No dependency changes