feat: enhanced structural validation for validate command#209
feat: enhanced structural validation for validate command#209bryan-anthropic wants to merge 2 commits intomainfrom
Conversation
Add three pre-pack validators to catch common runtime failures early:
- validateEntryPoint: checks file exists, extension matches server type,
binary has executable bit (Unix)
- validateCommandVariables: scans mcp_config for unrecognized ${...}
variables against the runtime allowlist
- validateSensitiveFiles: warns about credentials.json, *.pem, *.key,
.ssh/, etc. that would be bundled
validateManifest() now accepts optional { projectDir } to separate the
manifest directory from the source file directory.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
@claude can you review this |
There was a problem hiding this comment.
Review by Claude Code
Looks good — three practical pre-pack validators that catch real issues early (missing entry points, invalid variables, sensitive file leaks).
A few observations:
-
Clean API design — the
ValidationResultinterface and themanifestDirvsprojectDirseparation are well thought out. Pack passingprojectDirto handle external manifests is a nice touch. -
Sensitive files as warnings-only — correct call. A
.pemcould be a legitimate TLS cert; erroring would be too opinionated. -
Test coverage — 11 new integration tests covering all three validators, plus existing fixtures updated for entry_point checks. Solid.
Minor nit: the silent catch {} in validateSensitiveFiles could mask unexpected errors from getAllFilesWithCount, but the comment explains the rationale (pack will fail with a clearer error downstream). Fine as-is.
When server.type is "binary", mcpb pack now ensures the entry_point file has execute bits (|0o111) in the ZIP external_attr, regardless of the source filesystem permissions. This prevents EACCES failures when Claude Desktop extracts Windows-built binary MCPBs (which store 644 because Windows has no Unix execute bit). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
tobinsouth
left a comment
tobinsouth
left a comment
There was a problem hiding this comment.
Both commits look good. The three validators (entry point, command variables, sensitive files) catch real runtime failures early, and the error-vs-warning split is correct — sensitive files as warnings-only is the right call since .pem can be legitimate. The second commit's mode | 0o111 on binary entry points is clean and the test confirms non-entry files keep original perms (0o700 → 0o711, config.json stays 0o644). pack.ts hunks don't overlap with #208's. CI green including the second commit.
2 participants
Summary
mcpb validatethat catch common runtime failures early:mcp_configfor unrecognized${...}patterns (e.g.${BUNDLE_ROOT}which silently fails at runtime)credentials.json,*.pem,*.key,.ssh/etc. that would be bundledvalidateManifest()accepts optional{ projectDir }to support external manifest pathsmcpb packenforces executable permissions on binary entry points — whenserver.type === "binary", pack ensures the entry_point file has execute bits (|0o111) in the ZIPexternal_attr, preventing EACCES failures when Claude Desktop extracts Windows-built binary MCPBsBinary permission context
Claude Desktop's MCPB extraction preserves ZIP-stored permissions without post-processing. Windows-built ZIPs store 644 (no execute bit) because Windows has no Unix permission concept. This causes
Permission deniedwhen CD tries to spawn binary entry points. The validate check catches this at dev time; the pack fix ensures correct permissions in the produced artifact.Closes #57
Test plan
yarn build— cleanyarn lint— cleanyarn test— 230 pass (218 existing + 12 new)${BUNDLE_ROOT}→ fix to${__dirname}→ pack → MCP initialize succeedscredentials.jsonin subdir → warning (exits 0)🤖 Generated with Claude Code