Merge pull request #285 from manoj-k04/PMAA-100-disable-runpercyscan

fix(percy): disable runPercyScan

Author: gaurav-singh-9227

src/tools/percy-sdk.ts

@@ -2,7 +2,8 @@ import { trackMCP } from "../index.js";
 import { BrowserStackConfig } from "../lib/types.js";
 import { fetchPercyChanges } from "./review-agent.js";
 import { addListTestFiles } from "./list-test-files.js";
-import { runPercyScan } from "./run-percy-scan.js";
+// PMAA-100: runPercyScan tool temporarily disabled due to plaintext token leak in tool output.
+// import { runPercyScan } from "./run-percy-scan.js";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { SetUpPercyParamsShape } from "./sdk-utils/common/schema.js";
 import { updateTestsWithPercyCommands } from "./add-percy-snapshots.js";
@@ -21,7 +22,8 @@ import {
 import { UpdateTestFileWithInstructionsParams } from "./percy-snapshot-utils/constants.js";
 
 import {
-  RunPercyScanParamsShape,
+  // PMAA-100: kept commented so the registration block below is easy to restore once the proper fix lands.
+  // RunPercyScanParamsShape,
   FetchPercyChangesParamsShape,
   ManagePercyBuildApprovalParamsShape,
 } from "./sdk-utils/common/schema.js";
@@ -133,19 +135,22 @@ export function registerPercyTools(
     },
   );
 
-  tools.runPercyScan = server.tool(
-    "runPercyScan",
-    "Run a Percy visual test scan. Example prompts : Run this Percy build/scan. Never run percy scan/build without this tool",
-    RunPercyScanParamsShape,
-    async (args) => {
-      try {
-        trackMCP("runPercyScan", server.server.getClientVersion()!, config);
-        return runPercyScan(args, config);
-      } catch (error) {
-        return handleMCPError("runPercyScan", server, config, error);
-      }
-    },
-  );
+  // PMAA-100: runPercyScan temporarily disabled — fetched Percy token was being
+  // returned in plaintext within tool output (see HackerOne #3576387). Re-enable
+  // once the token is replaced with a placeholder in run-percy-scan.ts.
+  // tools.runPercyScan = server.tool(
+  //   "runPercyScan",
+  //   "Run a Percy visual test scan. Example prompts : Run this Percy build/scan. Never run percy scan/build without this tool",
+  //   RunPercyScanParamsShape,
+  //   async (args) => {
+  //     try {
+  //       trackMCP("runPercyScan", server.server.getClientVersion()!, config);
+  //       return runPercyScan(args, config);
+  //     } catch (error) {
+  //       return handleMCPError("runPercyScan", server, config, error);
+  //     }
+  //   },
+  // );
 
   tools.fetchPercyChanges = server.tool(
     "fetchPercyChanges",

tests/tools/percySdk.test.ts

@@ -2,7 +2,8 @@ import { describe, it, expect, vi, beforeEach } from "vitest";
 import { registerPercyTools } from "../../src/tools/percy-sdk";
 import { setUpPercyHandler, simulatePercyChangeHandler } from "../../src/tools/sdk-utils/handler";
 import { updateTestsWithPercyCommands } from "../../src/tools/add-percy-snapshots";
-import { runPercyScan } from "../../src/tools/run-percy-scan";
+// PMAA-100: runPercyScan registration disabled — restore import alongside the test.
+// import { runPercyScan } from "../../src/tools/run-percy-scan";
 import { fetchPercyChanges } from "../../src/tools/review-agent";
 import { approveOrDeclinePercyBuild } from "../../src/tools/review-agent-utils/percy-approve-reject";
 
@@ -13,9 +14,10 @@ vi.mock("../../src/tools/sdk-utils/handler", () => ({
 vi.mock("../../src/tools/add-percy-snapshots", () => ({
   updateTestsWithPercyCommands: vi.fn(),
 }));
-vi.mock("../../src/tools/run-percy-scan", () => ({
-  runPercyScan: vi.fn(),
-}));
+// PMAA-100: runPercyScan registration disabled — restore mock alongside the test.
+// vi.mock("../../src/tools/run-percy-scan", () => ({
+//   runPercyScan: vi.fn(),
+// }));
 vi.mock("../../src/tools/review-agent", () => ({
   fetchPercyChanges: vi.fn(),
 }));
@@ -64,7 +66,8 @@ describe("Percy SDK Tools", () => {
     expect(toolNames).toContain("expandPercyVisualTesting");
     expect(toolNames).toContain("addPercySnapshotCommands");
     expect(toolNames).toContain("listTestFiles");
-    expect(toolNames).toContain("runPercyScan");
+    // PMAA-100: runPercyScan registration disabled — restore once the token leak is fixed.
+    // expect(toolNames).toContain("runPercyScan");
     expect(toolNames).toContain("fetchPercyChanges");
     expect(toolNames).toContain("managePercyBuildApproval");
   });
@@ -118,14 +121,15 @@ describe("Percy SDK Tools", () => {
     expect(result.content[0].text).toContain("Commands added");
   });
 
-  it("runPercyScan - SUCCESS", async () => {
-    (runPercyScan as any).mockResolvedValue({
-      content: [{ type: "text", text: "Percy scan started" }],
-    });
-
-    const result = await handlers["runPercyScan"]({ projectName: "test" });
-    expect(result.content[0].text).toContain("Percy scan");
-  });
+  // PMAA-100: runPercyScan registration disabled — restore once the token leak is fixed.
+  // it("runPercyScan - SUCCESS", async () => {
+  //   (runPercyScan as any).mockResolvedValue({
+  //     content: [{ type: "text", text: "Percy scan started" }],
+  //   });
+  //
+  //   const result = await handlers["runPercyScan"]({ projectName: "test" });
+  //   expect(result.content[0].text).toContain("Percy scan");
+  // });
 
   it("fetchPercyChanges - SUCCESS", async () => {
     (fetchPercyChanges as any).mockResolvedValue({