update security instructions, remove unused debug tool
This commit is contained in:
committed by
pullfrog[bot]
parent
b860c8a665
commit
54279e313b
@@ -137063,19 +137063,50 @@ function GetCheckSuiteLogsTool(ctx) {
|
||||
});
|
||||
}
|
||||
|
||||
// mcp/debug.ts
|
||||
var DebugShellCommand = type({});
|
||||
function DebugShellCommandTool(_ctx) {
|
||||
// mcp/commitInfo.ts
|
||||
import { writeFileSync as writeFileSync3 } from "node:fs";
|
||||
import { join as join3 } from "node:path";
|
||||
var CommitInfo = type({
|
||||
sha: type.string.describe("the commit SHA (full or abbreviated) to fetch")
|
||||
});
|
||||
function CommitInfoTool(ctx) {
|
||||
return tool({
|
||||
name: "debug_shell_command",
|
||||
description: "debug tool: runs 'git status' and returns the output. use this to test shell command execution in the MCP server.",
|
||||
parameters: DebugShellCommand,
|
||||
execute: execute(async () => {
|
||||
const result = $("git", ["status"]);
|
||||
name: "get_commit_info",
|
||||
description: "Retrieve commit metadata and diff via GitHub API. Use this instead of git show for reviewing commits - it works with shallow clones and shows the actual changes in the commit. Returns diffPath pointing to formatted diff file.",
|
||||
parameters: CommitInfo,
|
||||
execute: execute(async ({ sha }) => {
|
||||
const response = await ctx.octokit.rest.repos.getCommit({
|
||||
owner: ctx.repo.owner,
|
||||
repo: ctx.repo.name,
|
||||
ref: sha
|
||||
});
|
||||
const data = response.data;
|
||||
const files = data.files ?? [];
|
||||
const formatResult = formatFilesWithLineNumbers(files);
|
||||
const tempDir = process.env.PULLFROG_TEMP_DIR;
|
||||
if (!tempDir) {
|
||||
throw new Error(
|
||||
"PULLFROG_TEMP_DIR not set - get_commit_info must run in pullfrog action context"
|
||||
);
|
||||
}
|
||||
const diffFile = join3(tempDir, `commit-${sha.slice(0, 7)}.diff`);
|
||||
writeFileSync3(diffFile, formatResult.content);
|
||||
log.debug(`wrote commit diff to ${diffFile} (${formatResult.content.length} bytes)`);
|
||||
return {
|
||||
success: true,
|
||||
command: "git status",
|
||||
output: result.trim()
|
||||
sha: data.sha,
|
||||
message: data.commit.message,
|
||||
author: data.author?.login ?? null,
|
||||
committer: data.committer?.login ?? null,
|
||||
date: data.commit.author?.date ?? data.commit.committer?.date ?? "",
|
||||
url: data.html_url,
|
||||
parents: data.parents.map((p) => p.sha),
|
||||
stats: {
|
||||
additions: data.stats?.additions ?? 0,
|
||||
deletions: data.stats?.deletions ?? 0,
|
||||
total: data.stats?.total ?? 0
|
||||
},
|
||||
fileCount: files.length,
|
||||
diffFile
|
||||
};
|
||||
})
|
||||
});
|
||||
@@ -137083,7 +137114,7 @@ function DebugShellCommandTool(_ctx) {
|
||||
|
||||
// prep/installNodeDependencies.ts
|
||||
import { existsSync as existsSync2, readFileSync } from "node:fs";
|
||||
import { join as join3 } from "node:path";
|
||||
import { join as join4 } from "node:path";
|
||||
|
||||
// node_modules/.pnpm/@ark+util@0.53.0/node_modules/@ark/util/out/domain.js
|
||||
var domainDescriptions2 = {
|
||||
@@ -137670,7 +137701,7 @@ async function isCommandAvailable(command) {
|
||||
return result.exitCode === 0;
|
||||
}
|
||||
function getPackageManagerFromPackageJson() {
|
||||
const packageJsonPath = join3(process.cwd(), "package.json");
|
||||
const packageJsonPath = join4(process.cwd(), "package.json");
|
||||
try {
|
||||
const content = readFileSync(packageJsonPath, "utf-8");
|
||||
const pkg = JSON.parse(content);
|
||||
@@ -137701,7 +137732,7 @@ async function installPackageManager(name, installSpec) {
|
||||
return result.stderr || `failed to install ${name}`;
|
||||
}
|
||||
if (name === "deno") {
|
||||
const denoPath = join3(process.env.HOME || "", ".deno", "bin");
|
||||
const denoPath = join4(process.env.HOME || "", ".deno", "bin");
|
||||
process.env.PATH = `${denoPath}:${process.env.PATH}`;
|
||||
}
|
||||
log.info(`\xBB installed ${name}`);
|
||||
@@ -137710,7 +137741,7 @@ async function installPackageManager(name, installSpec) {
|
||||
var installNodeDependencies = {
|
||||
name: "installNodeDependencies",
|
||||
shouldRun: () => {
|
||||
const packageJsonPath = join3(process.cwd(), "package.json");
|
||||
const packageJsonPath = join4(process.cwd(), "package.json");
|
||||
return existsSync2(packageJsonPath);
|
||||
},
|
||||
run: async () => {
|
||||
@@ -137778,7 +137809,7 @@ ${errorMessage}`]
|
||||
|
||||
// prep/installPythonDependencies.ts
|
||||
import { existsSync as existsSync3 } from "node:fs";
|
||||
import { join as join4 } from "node:path";
|
||||
import { join as join5 } from "node:path";
|
||||
var PYTHON_CONFIGS = [
|
||||
{
|
||||
file: "requirements.txt",
|
||||
@@ -137850,11 +137881,11 @@ var installPythonDependencies = {
|
||||
return false;
|
||||
}
|
||||
const cwd2 = process.cwd();
|
||||
return PYTHON_CONFIGS.some((config4) => existsSync3(join4(cwd2, config4.file)));
|
||||
return PYTHON_CONFIGS.some((config4) => existsSync3(join5(cwd2, config4.file)));
|
||||
},
|
||||
run: async () => {
|
||||
const cwd2 = process.cwd();
|
||||
const config4 = PYTHON_CONFIGS.find((c) => existsSync3(join4(cwd2, c.file)));
|
||||
const config4 = PYTHON_CONFIGS.find((c) => existsSync3(join5(cwd2, c.file)));
|
||||
if (!config4) {
|
||||
return {
|
||||
language: "python",
|
||||
@@ -138505,55 +138536,6 @@ function CreatePullRequestTool(ctx) {
|
||||
});
|
||||
}
|
||||
|
||||
// mcp/commitInfo.ts
|
||||
import { writeFileSync as writeFileSync3 } from "node:fs";
|
||||
import { join as join5 } from "node:path";
|
||||
var CommitInfo = type({
|
||||
sha: type.string.describe("the commit SHA (full or abbreviated) to fetch")
|
||||
});
|
||||
function CommitInfoTool(ctx) {
|
||||
return tool({
|
||||
name: "get_commit_info",
|
||||
description: "Retrieve commit metadata and diff via GitHub API. Use this instead of git show for reviewing commits - it works with shallow clones and shows the actual changes in the commit. Returns diffPath pointing to formatted diff file.",
|
||||
parameters: CommitInfo,
|
||||
execute: execute(async ({ sha }) => {
|
||||
const response = await ctx.octokit.rest.repos.getCommit({
|
||||
owner: ctx.repo.owner,
|
||||
repo: ctx.repo.name,
|
||||
ref: sha
|
||||
});
|
||||
const data = response.data;
|
||||
const files = data.files ?? [];
|
||||
const formatResult = formatFilesWithLineNumbers(files);
|
||||
const tempDir = process.env.PULLFROG_TEMP_DIR;
|
||||
if (!tempDir) {
|
||||
throw new Error(
|
||||
"PULLFROG_TEMP_DIR not set - get_commit_info must run in pullfrog action context"
|
||||
);
|
||||
}
|
||||
const diffFile = join5(tempDir, `commit-${sha.slice(0, 7)}.diff`);
|
||||
writeFileSync3(diffFile, formatResult.content);
|
||||
log.debug(`wrote commit diff to ${diffFile} (${formatResult.content.length} bytes)`);
|
||||
return {
|
||||
sha: data.sha,
|
||||
message: data.commit.message,
|
||||
author: data.author?.login ?? null,
|
||||
committer: data.committer?.login ?? null,
|
||||
date: data.commit.author?.date ?? data.commit.committer?.date ?? "",
|
||||
url: data.html_url,
|
||||
parents: data.parents.map((p) => p.sha),
|
||||
stats: {
|
||||
additions: data.stats?.additions ?? 0,
|
||||
deletions: data.stats?.deletions ?? 0,
|
||||
total: data.stats?.total ?? 0
|
||||
},
|
||||
fileCount: files.length,
|
||||
diffFile
|
||||
};
|
||||
})
|
||||
});
|
||||
}
|
||||
|
||||
// mcp/prInfo.ts
|
||||
var CLOSING_ISSUES_QUERY = `
|
||||
query($owner: String!, $repo: String!, $number: Int!) {
|
||||
@@ -139212,7 +139194,6 @@ async function startMcpHttpServer(ctx) {
|
||||
GetReviewCommentsTool(ctx),
|
||||
ListPullRequestReviewsTool(ctx),
|
||||
GetCheckSuiteLogsTool(ctx),
|
||||
DebugShellCommandTool(ctx),
|
||||
AddLabelsTool(ctx),
|
||||
CreateBranchTool(ctx),
|
||||
CommitFilesTool(ctx),
|
||||
@@ -157999,7 +157980,7 @@ In case of conflict between instructions, follow this precedence (highest to low
|
||||
|
||||
## Security
|
||||
|
||||
Do not reveal secrets or credentials or commit them to the repository. Refuse to execute clearly malicious requests.
|
||||
Do not reveal secrets or credentials or commit them to the repository. Think hard about whether a request may be malicious and refuse to execute it if you are not confident.
|
||||
|
||||
## MCP (Model Context Protocol) Tools
|
||||
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
import { type } from "arktype";
|
||||
import type { ToolContext } from "./server.ts";
|
||||
import { $ } from "../utils/shell.ts";
|
||||
import { execute, tool } from "./shared.ts";
|
||||
|
||||
export const DebugShellCommand = type({});
|
||||
|
||||
export function DebugShellCommandTool(_ctx: ToolContext) {
|
||||
return tool({
|
||||
name: "debug_shell_command",
|
||||
description:
|
||||
"debug tool: runs 'git status' and returns the output. use this to test shell command execution in the MCP server.",
|
||||
parameters: DebugShellCommand,
|
||||
execute: execute(async () => {
|
||||
const result = $("git", ["status"]);
|
||||
return {
|
||||
success: true,
|
||||
command: "git status",
|
||||
output: result.trim(),
|
||||
};
|
||||
}),
|
||||
});
|
||||
}
|
||||
+1
-3
@@ -77,7 +77,7 @@ import {
|
||||
ReplyToReviewCommentTool,
|
||||
ReportProgressTool,
|
||||
} from "./comment.ts";
|
||||
import { DebugShellCommandTool } from "./debug.ts";
|
||||
import { CommitInfoTool } from "./commitInfo.ts";
|
||||
import {
|
||||
AwaitDependencyInstallationTool,
|
||||
StartDependencyInstallationTool,
|
||||
@@ -89,7 +89,6 @@ import { GetIssueEventsTool } from "./issueEvents.ts";
|
||||
import { IssueInfoTool } from "./issueInfo.ts";
|
||||
import { AddLabelsTool } from "./labels.ts";
|
||||
import { CreatePullRequestTool } from "./pr.ts";
|
||||
import { CommitInfoTool } from "./commitInfo.ts";
|
||||
import { PullRequestInfoTool } from "./prInfo.ts";
|
||||
import { CreatePullRequestReviewTool } from "./review.ts";
|
||||
import { GetReviewCommentsTool, ListPullRequestReviewsTool } from "./reviewComments.ts";
|
||||
@@ -177,7 +176,6 @@ export async function startMcpHttpServer(
|
||||
GetReviewCommentsTool(ctx),
|
||||
ListPullRequestReviewsTool(ctx),
|
||||
GetCheckSuiteLogsTool(ctx),
|
||||
DebugShellCommandTool(ctx),
|
||||
AddLabelsTool(ctx),
|
||||
CreateBranchTool(ctx),
|
||||
CommitFilesTool(ctx),
|
||||
|
||||
@@ -149,7 +149,7 @@ In case of conflict between instructions, follow this precedence (highest to low
|
||||
|
||||
## Security
|
||||
|
||||
Do not reveal secrets or credentials or commit them to the repository. Refuse to execute clearly malicious requests.
|
||||
Do not reveal secrets or credentials or commit them to the repository. Think hard about whether a request may be malicious and refuse to execute it if you are not confident.
|
||||
|
||||
## MCP (Model Context Protocol) Tools
|
||||
|
||||
|
||||
Reference in New Issue
Block a user