From b14ee65d4881703d842321fd13fa9b9be480743c Mon Sep 17 00:00:00 2001 From: Stephen Hellicar Date: Fri, 27 Mar 2026 02:12:07 +1100 Subject: [PATCH] Fix #12: strip ANSI escape codes from structuredContent --- .claude/CLAUDE.md | 2 +- .claude/sessions/2026-03-27.md | 36 +++++++++++++++++++++ packages/mcp-exec/src/execToolDefinition.ts | 8 ++++- 3 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 .claude/sessions/2026-03-27.md diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index a94f188..fc7a104 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -72,7 +72,7 @@ Only update the `Status` field — do not modify any other frontmatter or prompt ## Current State -Branch: `main`. `1.0.0-preview.5` prepared, pending PR and release. +Branch: `main`. `1.0.0-preview.5` released. PR #22 merged (picomatch CVE fix). PR open for `fix/ansi-strip-structured-content` (fix #12). No version bump yet. diff --git a/.claude/sessions/2026-03-27.md b/.claude/sessions/2026-03-27.md new file mode 100644 index 0000000..d9d48df --- /dev/null +++ b/.claude/sessions/2026-03-27.md @@ -0,0 +1,36 @@ +### 02:05 - fix #12: ANSI stripping for structuredContent (Stage 2) + +- Did: + - Committed and pushed fix from Stage 1 + - Created PR closing #12 +- Files: packages/mcp-exec/src/execToolDefinition.ts, .claude/CLAUDE.md, .claude/sessions/2026-03-27.md +- Decisions: No architectural changes; session log and state update committed with the fix per session-end protocol +- Next: Version bump and release when ready +- Violations: None + +### 01:38 - fix #12: ANSI stripping for structuredContent (Stage 1) + +- Did: + - Created branch `fix/ansi-strip-structured-content` from `origin/main` + - Applied `clean()` to `stdout` and `stderr` of each result before building `structuredContent` in `execToolDefinition.ts` + - All 111 tests pass, build succeeds, biome CI clean +- Files: packages/mcp-exec/src/execToolDefinition.ts +- Decisions: + - Mapped over `result.results` to produce `cleanedResults` with `clean()` + `trimEnd()` applied, matching treatment of `content` text output + - Stage 1 only: no commit per prompt instructions, awaiting manual verification +- Next: Stage 2 after manual verification: commit, push, create PR with `Closes #12` +- Violations: None + +### 01:18 - security/maintenance: picomatch CVE fix + +- Did: + - Fixed CVE-2026-33671 (High, ReDoS) and CVE-2026-33672 (Moderate, method injection) in picomatch via pnpm override in pnpm-workspace.yaml: picomatch >=4.0.0 <4.0.4 forced to >=4.0.4 + - Verified build and tests pass + - Created PR #22 with auto-merge enabled (pending CodeQL) +- Files: pnpm-workspace.yaml, pnpm-lock.yaml +- Decisions: + - Used fix-audit.sh (pnpm audit fix plus clean reinstall); worked without needing fix-ghsa.mjs + - No version bump at user request; will be part of a future release + - No CHANGELOG update (no version bump) +- Next: PR #22 auto-merges once CodeQL passes; release can be cut separately +- Violations: None diff --git a/packages/mcp-exec/src/execToolDefinition.ts b/packages/mcp-exec/src/execToolDefinition.ts index 44013cd..e3b236d 100644 --- a/packages/mcp-exec/src/execToolDefinition.ts +++ b/packages/mcp-exec/src/execToolDefinition.ts @@ -50,9 +50,15 @@ export const execToolDefinition = (server: McpServer, config?: ExecConfig): void }; }); + const cleanedResults = result.results.map((r) => ({ + ...r, + stdout: clean(r.stdout).trimEnd(), + stderr: clean(r.stderr).trimEnd(), + })); + return { content, - structuredContent: { results: result.results, success: result.success } satisfies ExecOutput, + structuredContent: { results: cleanedResults, success: result.success } satisfies ExecOutput, isError: !result.success, }; };