Import `BadName` from `git.exc` directly instead of accessing it via
`git.exc.BadName`, which pyright doesn't recognize as a valid attribute
access on the `git` module.
This fixes the pyright CI failures introduced by the recent security
patches (GHSA merges).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Validate that repo_path arguments in tool calls are within the
configured --repository path when the --repository flag is set.
The fix:
- Adds validate_repo_path() that resolves paths and checks
containment using Path.relative_to()
- Resolves symlinks before comparison
- Maintains backward compatibility when --repository is not set
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Paul Carleton <paulc@anthropic.com>
Add validation to reject arguments starting with '-' and verify
arguments resolve to valid git refs via rev_parse before passing
to git CLI commands. This prevents flag-like values from being
interpreted as command-line options (e.g., --output=/path/to/file).
CWE-88: Improper Neutralization of Argument Delimiters in a Command
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
* fix(filesystem): return string in structuredContent to match outputSchema
The directory_tree, move_file, and list_directory_with_sizes tools were
returning an array in structuredContent.content, but outputSchema declares
content as z.string(). This caused MCP error -32602 validation failures.
Changed structuredContent from { content: [contentBlock] } to { content: text }
to match the declared outputSchema and be consistent with other filesystem
tools like list_directory and search_files.
Fixes#3110, #3106, #3093🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(filesystem): add integration tests for structuredContent schema compliance
Adds tests to verify that directory_tree, list_directory_with_sizes, and
move_file tools return structuredContent.content as a string (matching
outputSchema) rather than an array.
These tests prevent regression of issues #3110, #3106, #3093.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: adam jones <domdomegg+git@gmail.com>
* In everything.ts
- In elcitiation request,
- Update all fields to have a title property
- Add all 5 enum types supported by the SDK
- legacy titled single select
- titled single select
- titled multi select
- untitled single select
- untitled multi select
- Use faux ids (e.g., hero-1, hero-2) for enum value when titled to illustrate the difference.
Adds metadata required for registering servers in the MCP registry:
- NPM servers (everything, filesystem, memory, sequentialthinking):
Added mcpName and repository fields to package.json
- PyPI servers (fetch, git, time):
Added mcp-name comment to README.md
Part of #3047
Update the SDK from ^1.19.1 to ^1.23.0 in all TypeScript reference servers:
- everything
- filesystem
- memory
- sequentialthinking
Also update everything server for SDK breaking changes:
- Update zod to ^3.25.0 (zod v4 compatibility)
- Fix ToolInput/ToolOutput types to use Tool["inputSchema"] instead of
inferring from zod schemas
- Fix result.content handling to support array format
Co-authored-by: Felix Weinberger <3823880+felixweinberger@users.noreply.github.com>
The lockfile was out of sync because pyproject.toml was updated
(version bump to 0.6.3, httpx<0.28 constraint) but uv.lock wasn't
regenerated. This became a CI failure after switching from --frozen
to --locked in #1852.
- Add tests for git_diff_unstaged, git_diff_staged, and git_diff
- Add tests for git_commit and git_reset operations
- Add tests for git_log with different parameters
- Add tests for git_create_branch with base branch support
- Add tests for git_show including initial commit edge case
- Achieve 100% test coverage of git server functions (12/12)
- All 23 tests pass with 0 errors
* bump: gitpython dependency from 3.1.43 to 3.1.45
* test: use default branch name instead of hardcoding 'master'
* fix: handle d.diff as string in GitPython 3.1.45+
**Files touched**
- [src/filesystem/index.ts](../blob/HEAD/src/filesystem/index.ts) — add `annotations` metadata to each tool definition
- [src/filesystem/README.md](../blob/HEAD/src/filesystem/README.md) — document ToolAnnotations mapping for all filesystem tools
## Description
This change adds MCP `ToolAnnotations` (`readOnlyHint`, `idempotentHint`, `destructiveHint`) to all filesystem tools and documents the mapping in the filesystem README. MCP clients can now accurately distinguish read‑only vs. write tools, understand which operations are safe to retry, and highlight potentially destructive actions.
## Server Details
- **Server**: filesystem
- **Area**: tools (metadata returned via `listTools` / `ListToolsRequest`) and server docs
## Motivation and Context
Previously, the filesystem server did not expose ToolAnnotations, so many clients (e.g. ChatGPT Apps) conservatively treated filesystem tools as generic write operations. This led to:
- READ operations being surfaced with WRITE badges and confirmation prompts.
- No way for clients to know which write tools are idempotent or potentially destructive.
This PR aligns the implementation with `servers#2988` and updates the README to clearly document the semantics of each tool. Read‑only operations no longer need to be treated as writes, and destructive/idempotent behavior is explicit for UI and retry logic.
## How Has This Been Tested?
- `npm run build --workspace @modelcontextprotocol/server-filesystem`
- `npm test --workspaces --if-present`
## Breaking Changes
None.
## Types of changes
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [x] Documentation update
## Checklist
- [x] I have read the [MCP Protocol Documentation](https://modelcontextprotocol.io)
- [x] My changes follows MCP security best practices
- [x] I have updated the server's README accordingly
- [x] I have tested this with an LLM client
- [x] My code follows the repository's style guidelines
- [x] New and existing tests pass locally
- [x] I have added appropriate error handling
- [ ] I have documented all environment variables and configuration options
## Additional context
None.
Co-authored-by: Valeriy_Pavlovich <vp@strato.space>
For text-only tool responses, simplify outputSchemas from complex nested
arrays to simple { content: z.string() } format. All tool responses now
include structuredContent matching their outputSchema, fixing MCP protocol
violations when tools had output schemas but no structured content.
This applies to both filesystem and everything servers.
Address two items from Camila's review:
1. Use blob type for non-image/non-audio media files, restoring the
original behavior. This matches the previous implementation which
used blob as the fallback for unknown binary types. Use type
assertion to satisfy the SDK's type constraints.
2. Reuse ReadTextFileArgsSchema.shape in the deprecated read_file tool
instead of redefining the schema inline.
* fix(memory): convert to modern TypeScript SDK APIs
Convert the memory server to use the modern McpServer API instead of
the low-level Server API.
Key changes:
- Replace Server with McpServer from @modelcontextprotocol/sdk/server/mcp.js
- Convert all 9 tools to use registerTool() instead of manual request handlers
- Create reusable Zod schemas for Entity and Relation types
- Use Zod schemas directly in inputSchema/outputSchema
- Add structuredContent to all tool responses
- Fix type literals to use 'as const' assertions
The modern API provides:
- Less boilerplate code (removed ~200 lines of schema definitions)
- Better type safety with Zod
- More declarative tool registration
- Cleaner, more maintainable code
* fix: exclude test files from TypeScript build
Add exclude for test files and vitest.config.ts to tsconfig
* fix(sequential-thinking): convert to modern TypeScript SDK APIs
Convert the sequential-thinking server to use the modern McpServer API
instead of the low-level Server API.
Key changes:
- Replace Server with McpServer from @modelcontextprotocol/sdk/server/mcp.js
- Use registerTool() method instead of manual request handlers
- Use Zod schemas directly in inputSchema/outputSchema
- Add structuredContent to tool responses
- Fix type literals to use 'as const' assertions
The modern API provides:
- Less boilerplate code
- Better type safety with Zod
- More declarative tool registration
- Cleaner, more maintainable code
* fix: exclude test files from TypeScript build
Add exclude for test files and vitest.config.ts to tsconfig
* refactor: remove redundant validation now handled by Zod
Zod schema already validates all required fields and types. Removed
validateThoughtData() method and kept only business logic validation
(adjusting totalThoughts if needed).
* fix(sequentialthinking): add Zod validation to processThought method
The modern API migration removed manual validation from processThought(),
but tests call this method directly, bypassing the Zod validation in the
tool registration layer. This commit adds Zod validation directly in the
processThought() method to ensure validation works both when called via
MCP and when called directly (e.g., in tests).
Also improves error message formatting to match the expected error
messages in the tests.
* refactor: simplify by removing redundant validation
Since processThought() is only called through the tool registration in
production, validation always happens via Zod schemas at that layer.
Removed redundant validation logic from processThought() and updated
tests to reflect this architectural decision.
Changes:
- Remove Zod validation from processThought() method
- Accept ThoughtData type instead of unknown
- Remove 10 validation tests that are now handled at tool registration
- Add comment explaining validation approach
* fix(filesystem): convert to modern TypeScript SDK APIs
Convert the filesystem server to use the modern McpServer API instead
of the low-level Server API.
Key changes:
- Replace Server with McpServer from @modelcontextprotocol/sdk/server/mcp.js
- Convert all 13 tools to use registerTool() instead of manual request handlers
- Use Zod schemas directly in inputSchema/outputSchema
- Add structuredContent to all tool responses
- Fix type literals to use 'as const' assertions
- Update roots protocol handling to use server.server.* pattern
- Fix tsconfig to exclude vitest.config.ts
Tools converted:
- read_file (deprecated)
- read_text_file
- read_media_file
- read_multiple_files
- write_file
- edit_file
- create_directory
- list_directory
- list_directory_with_sizes
- directory_tree
- move_file
- search_files
- get_file_info
- list_allowed_directories
The modern API provides:
- Less boilerplate code
- Better type safety with Zod
- More declarative tool registration
- Cleaner, more maintainable code
* fix: use default import for minimatch
minimatch v10+ uses default export instead of named export
* fix(filesystem): use named import for minimatch
The minimatch module doesn't have a default export, so we need to use
the named import syntax instead.
Fixes TypeScript compilation error:
error TS2613: Module has no default export. Did you mean to use
'import { minimatch } from "minimatch"' instead?
Models are confused about the case of the variables, which results into random validation errors. Keeping them the same helps to remove back and forth.
Adds test coverage for the previously untested git_status function.
The test verifies that the function returns valid git status output
containing branch information.
test files were being compiled into dist during build,
causing issues in docker environments. added exclude
pattern to tsconfig to skip __tests__ directory.
fixes#2928
The test was expecting forward slashes to always be converted to backslashes, but normalizePath() only does this on Windows (process.platform === 'win32'). On Linux/Unix, forward slashes are preserved.
Improved the fix by:
1. Removing relative path assertion from the "as is" test since it doesn't match intent
2. Adding a dedicated test that validates platform-specific behavior naturally without mocking
3. Using the actual platform instead of unreliable Object.defineProperty mocking
This approach is more reliable and clearly documents expected behavior per platform.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The afterEach function was used in the test file but not imported from vitest, causing a build failure. This was introduced in PR #2851.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace Jest dependencies with Vitest and @vitest/coverage-v8
- Update test scripts to use 'vitest run --coverage'
- Create vitest.config.ts for both servers with node environment and coverage settings
- Update all test files:
- Change imports from '@jest/globals' to 'vitest'
- Replace jest.mock() with vi.mock()
- Replace jest.fn() with vi.fn()
- Update mock clearing/restoring to use vi methods
- Remove jest.config.cjs files
- All 151 tests passing (24 in sequentialthinking, 127 in filesystem)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit ports the comprehensive elicitation field type demonstration
from modelcontextprotocol/example-remote-server PR #17 to the everything
server, while maintaining the better UX of the existing implementation.
Changes:
- Expanded elicitation schema to demonstrate 9 field types:
* string (plain and with default values)
* boolean
* email (format: "email")
* uri (format: "uri")
* date (format: "date")
* integer (with min/max and default)
* number (with min/max and default)
* enum with enumNames for human-readable labels
- Added required fields support (name field is required)
- Added 10-minute timeout to elicitation request
- Improved response handling to dynamically show all provided fields
- Updated tool description to reflect comprehensive field type support
- Removed unused requestElicitation helper function (inlined implementation)
- Removed unused ElicitRequest import
The implementation follows PR #17's approach of directly using
extra.sendRequest() while preserving the user-friendly response handling
with emojis and formatted output from the original implementation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
