77b245461f
Maintainer decision on the escalated ReDoS fork: use re2. The regex path compiled agent-supplied patterns with `new RegExp` and ran them synchronously in the shared event-loop; a catastrophic-backtracking pattern (e.g. `(a+)+$`) hung the whole Node backend for all users (the tool is in both transports incl. the in-app apps/server agent), and size caps do NOT bound backtracking. Switch the regex engine to re2 (Google RE2, linear-time, no backtracking): - `new RE2(query, caseSensitive?'g':'gi')`. RE2 extends RegExp, so eachMatch and the zero-length-match lastIndex guard are unchanged. - Unsupported patterns are now a CLEAN error, not a hang: RE2 throws on invalid syntax AND on the backtracking-only features it can't do (lookaround (?=…)/(?<=…), backreferences \1) — caught at compile and returned as a clear tool error telling the agent to rewrite without them. - Removed MAX_CONTAINER_TEXT + the per-container slice (re2 is linear, so it's no longer a ReDoS defense, and truncating risked silently dropping real matches in a long container); kept MAX_PATTERN_LENGTH as a cheap query sanity cap. - Verified: `(a+)+$` over 50k `a` completes in ~4ms; lookaround/backref throw. - Added re2 (^1.21.0) to packages/mcp; lockfile updated. Reviewer DO items: - F1 [doc]: removed the false "pass nodeId as a comment anchor" claim (create_comment has no nodeId param — it needs a text `selection`). Fixed in tool-specs.ts + page-search.ts (module + SearchMatch JSDoc) + client.ts; the ref is for get_node/patch_node, and for a comment you build a unique text selection from before+match+after. - F2 [doc]: clarified `#<index>` refs (id-less table/cell) are accepted by get_node but NOT patch_node (id-only). - F3 [test]: round-trip — each match's nodeId fed to the real getNodeByRef (attrs.id node + `#<index>` table-cell) to prove the ref format is consumable. - F4 [test]: before/after edge-pinning (match in first 40 chars of a long container; index 0 → before==""; container end → after==""). - New re2 tests: catastrophic patterns complete fast; lookaround/backref → error. mcp: tsc clean; node --test 472 passed (+5). apps/server: tsc --noEmit clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
66 lines
1.8 KiB
JSON
66 lines
1.8 KiB
JSON
{
|
|
"name": "@docmost/mcp",
|
|
"version": "1.0.0",
|
|
"description": "A Model Context Protocol (MCP) server for Docmost, allowing AI agents to manage documentation spaces and pages.",
|
|
"private": true,
|
|
"type": "module",
|
|
"main": "./build/index.js",
|
|
"exports": {
|
|
".": "./build/index.js",
|
|
"./http": "./build/http.js"
|
|
},
|
|
"bin": {
|
|
"docmost-mcp": "./build/stdio.js"
|
|
},
|
|
"scripts": {
|
|
"build": "tsc",
|
|
"start": "node build/stdio.js",
|
|
"watch": "tsc --watch",
|
|
"pretest": "tsc",
|
|
"test": "node --test \"test/unit/*.test.mjs\" \"test/mock/*.test.mjs\"",
|
|
"test:unit": "node --test \"test/unit/*.test.mjs\"",
|
|
"test:mock": "node --test \"test/mock/*.test.mjs\"",
|
|
"test:e2e": "node test-e2e.mjs"
|
|
},
|
|
"keywords": [
|
|
"mcp",
|
|
"docmost",
|
|
"documentation",
|
|
"ai",
|
|
"agent"
|
|
],
|
|
"author": "Moritz Krause",
|
|
"license": "MIT",
|
|
"dependencies": {
|
|
"@fellow/prosemirror-recreate-transform": "^1.2.3",
|
|
"@hocuspocus/provider": "^3.4.4",
|
|
"@hocuspocus/transformer": "^3.4.4",
|
|
"@modelcontextprotocol/sdk": "^1.25.3",
|
|
"@tiptap/core": "3.20.4",
|
|
"@tiptap/extension-highlight": "3.20.4",
|
|
"@tiptap/extension-image": "3.20.4",
|
|
"@tiptap/extension-link": "3.20.4",
|
|
"@tiptap/extension-subscript": "3.20.4",
|
|
"@tiptap/extension-superscript": "3.20.4",
|
|
"@tiptap/extension-task-item": "3.20.4",
|
|
"@tiptap/extension-task-list": "3.20.4",
|
|
"@tiptap/html": "3.20.4",
|
|
"@tiptap/starter-kit": "3.20.4",
|
|
"@types/jsdom": "^27.0.0",
|
|
"axios": "^1.6.0",
|
|
"form-data": "^4.0.0",
|
|
"jsdom": "^27.4.0",
|
|
"marked": "^17.0.1",
|
|
"re2": "^1.21.0",
|
|
"ws": "^8.19.0",
|
|
"y-prosemirror": "1.3.7",
|
|
"yjs": "^13.6.29",
|
|
"zod": "^3.22.0"
|
|
},
|
|
"devDependencies": {
|
|
"@types/form-data": "^2.5.0",
|
|
"@types/node": "^20.0.0",
|
|
"typescript": "^5.0.0"
|
|
}
|
|
}
|