The update-packages job needs to push tags to the repository but was
missing the required `permissions: contents: write`. This caused the
workflow to fail with a 403 error when trying to push the version tag.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
Import `BadName` from `git.exc` directly instead of accessing it via
`git.exc.BadName`, which pyright doesn't recognize as a valid attribute
access on the `git` module.
This fixes the pyright CI failures introduced by the recent security
patches (GHSA merges).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The syncRoots call should be idempotent, requesting roots if they haven't been yet for the session, but always returning the cached roots otherwise. That could be deferred but setting the handler for roots_list changed note should not.
* In server/roots.ts
  - only set the notification handler and call for initial roots list if the roots aren't already cached for this client.
* In server/index.ts
  - in the oninitialized handler
  - get the sessionId from the transport
  - set a 350ms timeout to call syncRoots with the server and sessionId
  - this delay causes it to run after the `notifications/initialized` handler finishes, otherwise, the request gets lost.
* All other changes attributable to prettier
Validate that repo_path arguments in tool calls are within the
configured --repository path when the --repository flag is set.
The fix:
- Adds validate_repo_path() that resolves paths and checks
containment using Path.relative_to()
- Resolves symlinks before comparison
- Maintains backward compatibility when --repository is not set
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Paul Carleton <paulc@anthropic.com>
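
The containment check described in the commit message above, sketched as an added example (not the project's own code). The name `validate_repo_path` and the use of `Path.relative_to()` come from the message; the signature, the `ValueError` and the constructed directory layout are assumptions.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def validate_repo_path(repo_path: str, allowed_repository: Optional[str]) -> Path:
    """Return the resolved repo_path, or raise ValueError if it escapes allowed_repository."""
    resolved = Path(repo_path).resolve()  # resolve() follows symlinks and collapses ".."
    if allowed_repository is None:
        return resolved  # --repository not set: no restriction (backward compatible)
    allowed = Path(allowed_repository).resolve()
    try:
        resolved.relative_to(allowed)  # component-wise check, not a string prefix test
    except ValueError:
        raise ValueError(f"{repo_path!r} is outside the allowed repository {str(allowed)!r}") from None
    return resolved


def demo() -> dict:
    """Build a constructed directory layout and record which requests are accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        allowed = root / "repo"
        sibling = root / "repo-other"  # shares the string prefix "repo"
        outside = root / "secret"
        for d in (allowed / "sub", sibling, outside):
            d.mkdir(parents=True)
        os.symlink(outside, allowed / "link")  # symlink inside the repo pointing outside it
        cases = {
            "inside": allowed / "sub",
            "root": allowed,
            "dotdot": allowed / "sub" / ".." / ".." / "secret",
            "prefix_sibling": sibling,
            "symlink_escape": allowed / "link",
        }
        for name, candidate in cases.items():
            try:
                validate_repo_path(str(candidate), str(allowed))
                results[name] = True
            except ValueError:
                results[name] = False
        results["unrestricted"] = validate_repo_path(str(outside), None) == outside.resolve()
    return results


if __name__ == "__main__":
    print(demo())
```

The `prefix_sibling` case is why the comparison is done on path components: a `startswith` test on the string form would accept `repo-other` as being inside `repo`.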
Add validation to reject arguments starting with '-' and verify
arguments resolve to valid git refs via rev_parse before passing
to git CLI commands. This prevents flag-like values from being
interpreted as command-line options (e.g., --output=/path/to/file).
CWE-88: Improper Neutralization of Argument Delimiters in a Command
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
* In server/roots.ts
  - in syncRoots, if roots are supported fetch them
* In get-roots-list.ts,
  - Don't import and inspect current roots map, just call syncRoots to get the list.
* In how-it-works.md,
  - added a section on conditional tool registration
* In server/index.ts
  - import registerConditionalTools
  - in an oninitialized handler for the server, call registerConditionalTools
  - removed clientConnected from ServerFactoryResponse and all mentions in docs
* In tools/index.ts
  - export a registerConditionalTools function
  - refactor/move calls to registerGetRootsListTool, registerTriggerElicitationRequestTool, and registerTriggerSamplingRequestTool out of registerTools and into registerConditionalTools
* In server/roots.ts
  - only act if client supports roots
  - remove setInterval from call to requestRoots. It isn't happening during the initialize handshake anymore, so it doesn't interfere with that process if called immediately
* In get-roots-list.ts, trigger-elicitation-request.ts, and trigger-sampling-request.ts,
  - only register tool if client supports capability
* Throughout the rest of the files, removing all references to `clientConnected`
* In get-roots-list.ts, query the server's cache of the latest roots from the client and only request the list from the client if it doesn't exist.
* In roots.ts, export the roots map