Skip to content

Commit 62832b9

Browse files
data-douserdata-douser
committed
resolve npm symlinks in entry guard & fix MCP IO
The npm/npx installation path was broken by two issues: 1. The import.meta.url entry guard used resolve() which does not follow symlinks. Global npm installs create a symlink (e.g. /opt/homebrew/bin/… → node_modules/.../dist/…), so the paths never matched and main() was never called. The server exited silently. Fix: use realpathSync(resolve(…)) to follow symlinks. 2. dotenv v17 prints a banner to stdout by default, which corrupts the MCP stdio JSON-RPC channel. Fix: pass quiet: true to dotenv.config().
1 parent 5e49a17 commit 62832b9

File tree

3 files changed

+13
-7
lines changed

3 files changed

+13
-7
lines changed

server/dist/codeql-development-mcp-server.js

Lines changed: 3 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

server/dist/codeql-development-mcp-server.js.map

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

server/src/codeql-development-mcp-server.ts

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/
99
import express from 'express';
1010
import cors from 'cors';
1111
import dotenv from 'dotenv';
12+
import { realpathSync } from 'fs';
1213
import { resolve } from 'path';
1314
import { pathToFileURL } from 'url';
1415
import { registerCodeQLTools, registerCodeQLResources } from './tools';
@@ -25,7 +26,9 @@ import { logger } from './utils/logger';
2526
// Load environment variables from a .env file co-located with the package root.
2627
// Uses the package directory (not CWD) so that npm-installed users don't
2728
// accidentally inherit a .env from their project.
28-
dotenv.config({ path: resolve(packageRootDir, '.env') });
29+
// Set DOTENV_CONFIG_QUIET to suppress the dotenv banner that would otherwise
30+
// leak to stdout and corrupt the MCP stdio JSON-RPC channel.
31+
dotenv.config({ path: resolve(packageRootDir, '.env'), quiet: true });
2932

3033
const PACKAGE_NAME = 'codeql-development-mcp-server';
3134
const VERSION = '2.24.1';
@@ -173,8 +176,10 @@ async function main(): Promise<void> {
173176
}
174177
}
175178

176-
// Start the server if this file is run directly
177-
const scriptPath = process.argv[1] ? resolve(process.argv[1]) : undefined;
179+
// Start the server if this file is run directly.
180+
// Use realpathSync to resolve npm/npx symlinks so the guard works for both
181+
// direct invocation and globally-installed npm bin entries.
182+
const scriptPath = process.argv[1] ? realpathSync(resolve(process.argv[1])) : undefined;
178183
if (scriptPath && import.meta.url === pathToFileURL(scriptPath).href) {
179184
main();
180185
}

0 commit comments

Comments
 (0)