From c940a4b63dea3d3afc4e77ef2268e20ab8d44495 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 10:21:33 +0000 Subject: [PATCH 01/11] chore: add pre-commit hooks [MCP-284] --- .husky/pre-commit | 14 +++++++ package-lock.json | 40 +++++++++++++++++++ package.json | 3 +- .../fixtures/httpsServerProxyTest.ts | 2 + 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 .husky/pre-commit diff --git a/.husky/pre-commit b/.husky/pre-commit new file mode 100644 index 000000000..295188539 --- /dev/null +++ b/.husky/pre-commit @@ -0,0 +1,14 @@ +GIT_SECRETS_PATH=$(which git-secrets) + +if [ ! -x "$GIT_SECRETS_PATH" ] +then + echo "git-secrets is not installed. Please run 'brew install git-secrets' or visit https://github.com/awslabs/git-secrets#installing-git-secrets" + exit 1 +fi + +git-secrets --register-aws > /dev/null +git-secrets --pre_commit_hook -- "$@" + +npm run fix +npm run check +npm test -- --run tests/unit diff --git a/package-lock.json b/package-lock.json index c40768b80..bb904b3f0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -56,6 +56,7 @@ "eslint-config-prettier": "^10.1.8", "eslint-plugin-prettier": "^5.5.4", "globals": "^16.3.0", + "husky": "^9.1.7", "knip": "^5.63.1", "mongodb": "^6.19.0", "mongodb-runner": "^5.9.2", @@ -1638,6 +1639,7 @@ "resolved": "https://registry.npmjs.org/@mongodb-js/oidc-plugin/-/oidc-plugin-2.0.4.tgz", "integrity": "sha512-mB7kEK80+DD2QrB01GmtFKm02ItJpIO9j7OARMHI4RL+rVQD3Ey9giluf3xQtuSdcmg7a+bf5fkJgQZCWMvRPg==", "license": "Apache-2.0", + "peer": true, "dependencies": { "express": "^5.1.0", "node-fetch": "^3.3.2", @@ -1891,6 +1893,7 @@ "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.0.tgz", "integrity": "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==", "license": "Apache-2.0", + "peer": true, "engines": { "node": ">=8.0.0" } @@ -4032,6 +4035,7 @@ "integrity": "sha512-/NbVmcGTP+lj5oa4yiYxxeBjRivKQ5Ns1eSZeB99ExsEQ6rX5XYU1Zy/gGxY/ilqtD4Etx9mKyrPxZRetiahhA==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "undici-types": "~7.14.0" } @@ -4813,6 +4817,7 @@ "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, "license": "MIT", + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -4875,6 +4880,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -5591,6 +5597,7 @@ "resolved": "https://registry.npmjs.org/bson/-/bson-6.10.4.tgz", "integrity": "sha512-WIsKqkSC0ABoBJuT1LEX+2HEvNmNKKgnTAyd0fL8qzK4SH2i9NXg+t08YtdZp/V9IZ33cxe3iV4yM0qg8lMQng==", "license": "Apache-2.0", + "peer": true, "engines": { "node": ">=16.20.1" } @@ -7097,6 +7104,7 @@ "integrity": "sha512-QePbBFMJFjgmlE+cXAlbHZbHpdFVS2E/6vzCy7aKlebddvl1vadiC4JFV5u/wqTkNUwEV8WrQi257jf5f06hrg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", @@ -7158,6 +7166,7 @@ "integrity": "sha512-82GZUjRS0p/jganf6q1rEO25VSoHH0hKPCTrgillPjdI/3bgBhAE1QzHrHTizjpRvy6pGAvKjDJtk2pF9NDq8w==", "dev": true, "license": "MIT", + "peer": true, "bin": { "eslint-config-prettier": "bin/cli.js" }, @@ -7471,6 +7480,7 @@ "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz", "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", "license": "MIT", + "peer": true, "dependencies": { "accepts": "^2.0.0", "body-parser": "^2.2.0", @@ -8391,6 +8401,22 @@ "node": ">= 14" } }, + "node_modules/husky": { + "version": "9.1.7", + "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.7.tgz", + "integrity": "sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==", + "dev": true, + "license": "MIT", + "bin": { + "husky": "bin.js" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/typicode" + } + }, "node_modules/iconv-lite": { "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", @@ -9731,6 +9757,7 @@ "integrity": "sha512-UczzB+0nnwGotYSgllfARAqWCJ5e/skuV2K/l+Zyck/H6pJIhLXuBnz+6vn2i211o7DtbE78HQtsYEKICHGI+g==", "dev": true, "license": "MIT", + "peer": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/mobx" @@ -9793,6 +9820,7 @@ "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-6.20.0.tgz", "integrity": "sha512-Tl6MEIU3K4Rq3TSHd+sZQqRBoGlFsOgNrH5ltAcFBV62Re3Fd+FcaVf8uSEQFOJ51SDowDVttBTONMfoYWrWlQ==", "license": "Apache-2.0", + "peer": true, "dependencies": { "@mongodb-js/saslprep": "^1.3.0", "bson": "^6.10.4", @@ -9942,6 +9970,7 @@ "resolved": "https://registry.npmjs.org/mongodb-log-writer/-/mongodb-log-writer-2.4.2.tgz", "integrity": "sha512-jXKSNG/z3sBgD42p2puOoBHKcxKHJhiIVfvGhSlwNezJIr7aL74kpKowQ3kG8Oq+nljhjfDNru8Meeq24Em3lg==", "license": "Apache-2.0", + "peer": true, "dependencies": { "heap-js": "^2.3.0" }, @@ -11017,6 +11046,7 @@ "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==", "dev": true, "license": "MIT", + "peer": true, "bin": { "prettier": "bin/prettier.cjs" }, @@ -11301,6 +11331,7 @@ "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "loose-envify": "^1.1.0" }, @@ -11314,6 +11345,7 @@ "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "loose-envify": "^1.1.0", "scheduler": "^0.23.2" @@ -12919,6 +12951,7 @@ "integrity": "sha512-1v/e3Dl1BknC37cXMhwGomhO8AkYmN41CqyX9xhUDxry1ns3BFQy2lLDRQXJRdVVWB9OHemv/53xaStimvWyuA==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@emotion/is-prop-valid": "1.2.2", "@emotion/unitless": "0.8.1", @@ -13531,6 +13564,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -13719,6 +13753,7 @@ "integrity": "sha512-ytQKuwgmrrkDTFP4LjR0ToE2nqgy886GpvRSpU0JAnrdBYppuY5rLkRUYPU1yCryb24SsKBTL/hlDQAEFVwtZg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "esbuild": "~0.25.0", "get-tsconfig": "^4.7.5" @@ -13872,6 +13907,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -14144,6 +14180,7 @@ "integrity": "sha512-4cKBO9wR75r0BeIWWWId9XK9Lj6La5X846Zw9dFfzMRw38IlTk2iCcUt6hsyiDRcPidc55ZParFYDXi0nXOeLQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.5.0", @@ -14260,6 +14297,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -14302,6 +14340,7 @@ "integrity": "sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@types/chai": "^5.2.2", "@vitest/expect": "3.2.4", @@ -14909,6 +14948,7 @@ "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", "license": "MIT", + "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } diff --git a/package.json b/package.json index 24dab3daf..60f29da40 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "scripts": { "start": "node dist/index.js --transport http --loggers stderr mcp", "start:stdio": "node dist/index.js --transport stdio --loggers stderr mcp", - "prepare": "npm run build", + "prepare": "husky", "build:clean": "rm -rf dist", "build:update-package-version": "tsx scripts/updatePackageVersion.ts", "build:esm": "tsc --project tsconfig.esm.json && chmod +x dist/esm/index.js", @@ -84,6 +84,7 @@ "eslint-config-prettier": "^10.1.8", "eslint-plugin-prettier": "^5.5.4", "globals": "^16.3.0", + "husky": "^9.1.7", "knip": "^5.63.1", "mongodb": "^6.19.0", "mongodb-runner": "^5.9.2", diff --git a/tests/integration/fixtures/httpsServerProxyTest.ts b/tests/integration/fixtures/httpsServerProxyTest.ts index c06a546fe..f2a0fc944 100644 --- a/tests/integration/fixtures/httpsServerProxyTest.ts +++ b/tests/integration/fixtures/httpsServerProxyTest.ts @@ -43,6 +43,8 @@ export class HTTPServerProxyTestSetup { } requests: IncomingMessage[]; + + // note: these are self-signed certs for testing purposes, DO NOT use in production tlsOptions = Object.freeze({ key: readFileSync(path.resolve(__dirname, "server.key")), cert: readFileSync(path.resolve(__dirname, "server.pem")), From d182dee48b80e6c5e566291125c6bf0f7a8add99 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 14:47:43 +0000 Subject: [PATCH 02/11] fix --- .husky/pre-commit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.husky/pre-commit b/.husky/pre-commit index 295188539..38f8c2f54 100644 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -7,7 +7,7 @@ then fi git-secrets --register-aws > /dev/null -git-secrets --pre_commit_hook -- "$@" +git-secrets --scan npm run fix npm run check From 5bad587281872ab3b8dfb19cc510c725a6d02eeb Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 14:49:29 +0000 Subject: [PATCH 03/11] fix --- .husky/pre-commit | 1 - 1 file changed, 1 deletion(-) diff --git a/.husky/pre-commit b/.husky/pre-commit index 38f8c2f54..066f4d7b5 100644 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -9,6 +9,5 @@ fi git-secrets --register-aws > /dev/null git-secrets --scan -npm run fix npm run check npm test -- --run tests/unit From db0999d9ae6224506d51193a7b5da0da450f088d Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 14:50:18 +0000 Subject: [PATCH 04/11] fix --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 60f29da40..07d65e89b 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "scripts": { "start": "node dist/index.js --transport http --loggers stderr mcp", "start:stdio": "node dist/index.js --transport stdio --loggers stderr mcp", - "prepare": "husky", + "prepare": "husky && npm run build", "build:clean": "rm -rf dist", "build:update-package-version": "tsx scripts/updatePackageVersion.ts", "build:esm": "tsc --project tsconfig.esm.json && chmod +x dist/esm/index.js", From d2bf0adc3a7d9815be9b5748f77f0e539f32dc41 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 15:36:24 +0000 Subject: [PATCH 05/11] fix --- .husky/pre-commit | 3 --- .husky/pre-push | 2 ++ 2 files changed, 2 insertions(+), 3 deletions(-) create mode 100644 .husky/pre-push diff --git a/.husky/pre-commit b/.husky/pre-commit index 066f4d7b5..f2ac0135c 100644 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -8,6 +8,3 @@ fi git-secrets --register-aws > /dev/null git-secrets --scan - -npm run check -npm test -- --run tests/unit diff --git a/.husky/pre-push b/.husky/pre-push new file mode 100644 index 000000000..23400d95b --- /dev/null +++ b/.husky/pre-push @@ -0,0 +1,2 @@ +npm run check +npm test -- --run tests/unit From c07215b90ebda0b1718f81180d39e47b45ac7b25 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 15:39:59 +0000 Subject: [PATCH 06/11] add tests --- .github/workflows/code-health.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index 88988fa71..3e9cb2845 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -136,3 +136,21 @@ jobs: uses: coverallsapp/github-action@v2.3.6 with: file: coverage/lcov.info + + run-git-hooks: + name: Run git hooks + if: github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository) + runs-on: ubuntu-latest + steps: + - uses: GitHubSecurityLab/actions-permissions/monitor@v1 + - uses: actions/checkout@v5 + with: + persist-credentials: false + - uses: actions/setup-node@v6 + with: + node-version-file: package.json + cache: "npm" + - name: Install dependencies + run: npm ci + - name: Run pre-commit and pre-push hooks + run: ./.husky/_/pre-commit && ./.husky/_/pre-push From d19055a3df5792d98aaeb8547897b25b7b5a2dcb Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 15:49:47 +0000 Subject: [PATCH 07/11] fix --- .github/workflows/code-health.yml | 4 +++- .husky/pre-commit | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index 3e9cb2845..20cbad413 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -151,6 +151,8 @@ jobs: node-version-file: package.json cache: "npm" - name: Install dependencies - run: npm ci + run: | + apt-get install -y git-secrets + npm ci - name: Run pre-commit and pre-push hooks run: ./.husky/_/pre-commit && ./.husky/_/pre-push diff --git a/.husky/pre-commit b/.husky/pre-commit index f2ac0135c..d80c18a08 100644 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -1,6 +1,6 @@ -GIT_SECRETS_PATH=$(which git-secrets) +#!/bin/bash -if [ ! -x "$GIT_SECRETS_PATH" ] +if [ ! "$(which git-secrets)" ] then echo "git-secrets is not installed. Please run 'brew install git-secrets' or visit https://github.com/awslabs/git-secrets#installing-git-secrets" exit 1 From 042e0c902ecdffc7dc07bdd25754015887d4e088 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 15:53:33 +0000 Subject: [PATCH 08/11] fix --- .github/workflows/code-health.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index 20cbad413..77948ac7c 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -152,7 +152,7 @@ jobs: cache: "npm" - name: Install dependencies run: | - apt-get install -y git-secrets + sudo apt-get install -y git-secrets npm ci - name: Run pre-commit and pre-push hooks run: ./.husky/_/pre-commit && ./.husky/_/pre-push From 7a7b79da921cf87f9f0fe299e2f8d6e5c17ca1b9 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 16:04:16 +0000 Subject: [PATCH 09/11] fix --- .github/workflows/code-health.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index 77948ac7c..f49b7493f 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -137,8 +137,8 @@ jobs: with: file: coverage/lcov.info - run-git-hooks: - name: Run git hooks + run-git-secrets: + name: Run git secrets if: github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository) runs-on: ubuntu-latest steps: @@ -154,5 +154,5 @@ jobs: run: | sudo apt-get install -y git-secrets npm ci - - name: Run pre-commit and pre-push hooks - run: ./.husky/_/pre-commit && ./.husky/_/pre-push + - name: Run git-secrets + run: git-secrets --register-aws && git-secrets --scan From f3de062f0be9867a74a2fe8e2c909b70f46520f3 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 17:41:11 +0000 Subject: [PATCH 10/11] fix --- .husky/pre-push | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 .husky/pre-push diff --git a/.husky/pre-push b/.husky/pre-push deleted file mode 100644 index 23400d95b..000000000 --- a/.husky/pre-push +++ /dev/null @@ -1,2 +0,0 @@ -npm run check -npm test -- --run tests/unit From f0a27ec9986c46f031160c041a4f802160bc99f9 Mon Sep 17 00:00:00 2001 From: Filipe Constantinov Menezes Date: Wed, 12 Nov 2025 18:07:12 +0000 Subject: [PATCH 11/11] fix --- .github/workflows/code-health.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/code-health.yml b/.github/workflows/code-health.yml index f49b7493f..1d10b30ce 100644 --- a/.github/workflows/code-health.yml +++ b/.github/workflows/code-health.yml @@ -153,6 +153,5 @@ jobs: - name: Install dependencies run: | sudo apt-get install -y git-secrets - npm ci - name: Run git-secrets run: git-secrets --register-aws && git-secrets --scan