* bump: gitpython dependency from 3.1.43 to 3.1.45
* test: use default branch name instead of hardcoding 'master'
* fix: handle d.diff as string in GitPython 3.1.45+
**Files touched**
- [src/filesystem/index.ts](../blob/HEAD/src/filesystem/index.ts) — add `annotations` metadata to each tool definition
- [src/filesystem/README.md](../blob/HEAD/src/filesystem/README.md) — document ToolAnnotations mapping for all filesystem tools
## Description
This change adds MCP `ToolAnnotations` (`readOnlyHint`, `idempotentHint`, `destructiveHint`) to all filesystem tools and documents the mapping in the filesystem README. MCP clients can now accurately distinguish read‑only vs. write tools, understand which operations are safe to retry, and highlight potentially destructive actions.
## Server Details
- **Server**: filesystem
- **Area**: tools (metadata returned via `listTools` / `ListToolsRequest`) and server docs
## Motivation and Context
Previously, the filesystem server did not expose ToolAnnotations, so many clients (e.g. ChatGPT Apps) conservatively treated filesystem tools as generic write operations. This led to:
- READ operations being surfaced with WRITE badges and confirmation prompts.
- No way for clients to know which write tools are idempotent or potentially destructive.
This PR aligns the implementation with `servers#2988` and updates the README to clearly document the semantics of each tool. Read‑only operations no longer need to be treated as writes, and destructive/idempotent behavior is explicit for UI and retry logic.
## How Has This Been Tested?
- `npm run build --workspace @modelcontextprotocol/server-filesystem`
- `npm test --workspaces --if-present`
## Breaking Changes
None.
## Types of changes
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [x] Documentation update
## Checklist
- [x] I have read the [MCP Protocol Documentation](https://modelcontextprotocol.io)
- [x] My changes follows MCP security best practices
- [x] I have updated the server's README accordingly
- [x] I have tested this with an LLM client
- [x] My code follows the repository's style guidelines
- [x] New and existing tests pass locally
- [x] I have added appropriate error handling
- [ ] I have documented all environment variables and configuration options
## Additional context
None.
Co-authored-by: Valeriy_Pavlovich <vp@strato.space>
For text-only tool responses, simplify outputSchemas from complex nested
arrays to simple { content: z.string() } format. All tool responses now
include structuredContent matching their outputSchema, fixing MCP protocol
violations when tools had output schemas but no structured content.
This applies to both filesystem and everything servers.
Address two items from Camila's review:
1. Use blob type for non-image/non-audio media files, restoring the
original behavior. This matches the previous implementation which
used blob as the fallback for unknown binary types. Use type
assertion to satisfy the SDK's type constraints.
2. Reuse ReadTextFileArgsSchema.shape in the deprecated read_file tool
instead of redefining the schema inline.
* fix(memory): convert to modern TypeScript SDK APIs
Convert the memory server to use the modern McpServer API instead of
the low-level Server API.
Key changes:
- Replace Server with McpServer from @modelcontextprotocol/sdk/server/mcp.js
- Convert all 9 tools to use registerTool() instead of manual request handlers
- Create reusable Zod schemas for Entity and Relation types
- Use Zod schemas directly in inputSchema/outputSchema
- Add structuredContent to all tool responses
- Fix type literals to use 'as const' assertions
The modern API provides:
- Less boilerplate code (removed ~200 lines of schema definitions)
- Better type safety with Zod
- More declarative tool registration
- Cleaner, more maintainable code
* fix: exclude test files from TypeScript build
Add exclude for test files and vitest.config.ts to tsconfig
* fix(sequential-thinking): convert to modern TypeScript SDK APIs
Convert the sequential-thinking server to use the modern McpServer API
instead of the low-level Server API.
Key changes:
- Replace Server with McpServer from @modelcontextprotocol/sdk/server/mcp.js
- Use registerTool() method instead of manual request handlers
- Use Zod schemas directly in inputSchema/outputSchema
- Add structuredContent to tool responses
- Fix type literals to use 'as const' assertions
The modern API provides:
- Less boilerplate code
- Better type safety with Zod
- More declarative tool registration
- Cleaner, more maintainable code
* fix: exclude test files from TypeScript build
Add exclude for test files and vitest.config.ts to tsconfig
* refactor: remove redundant validation now handled by Zod
Zod schema already validates all required fields and types. Removed
validateThoughtData() method and kept only business logic validation
(adjusting totalThoughts if needed).
* fix(sequentialthinking): add Zod validation to processThought method
The modern API migration removed manual validation from processThought(),
but tests call this method directly, bypassing the Zod validation in the
tool registration layer. This commit adds Zod validation directly in the
processThought() method to ensure validation works both when called via
MCP and when called directly (e.g., in tests).
Also improves error message formatting to match the expected error
messages in the tests.
* refactor: simplify by removing redundant validation
Since processThought() is only called through the tool registration in
production, validation always happens via Zod schemas at that layer.
Removed redundant validation logic from processThought() and updated
tests to reflect this architectural decision.
Changes:
- Remove Zod validation from processThought() method
- Accept ThoughtData type instead of unknown
- Remove 10 validation tests that are now handled at tool registration
- Add comment explaining validation approach
* fix(filesystem): convert to modern TypeScript SDK APIs
Convert the filesystem server to use the modern McpServer API instead
of the low-level Server API.
Key changes:
- Replace Server with McpServer from @modelcontextprotocol/sdk/server/mcp.js
- Convert all 13 tools to use registerTool() instead of manual request handlers
- Use Zod schemas directly in inputSchema/outputSchema
- Add structuredContent to all tool responses
- Fix type literals to use 'as const' assertions
- Update roots protocol handling to use server.server.* pattern
- Fix tsconfig to exclude vitest.config.ts
Tools converted:
- read_file (deprecated)
- read_text_file
- read_media_file
- read_multiple_files
- write_file
- edit_file
- create_directory
- list_directory
- list_directory_with_sizes
- directory_tree
- move_file
- search_files
- get_file_info
- list_allowed_directories
The modern API provides:
- Less boilerplate code
- Better type safety with Zod
- More declarative tool registration
- Cleaner, more maintainable code
* fix: use default import for minimatch
minimatch v10+ uses default export instead of named export
* fix(filesystem): use named import for minimatch
The minimatch module doesn't have a default export, so we need to use
the named import syntax instead.
Fixes TypeScript compilation error:
error TS2613: Module has no default export. Did you mean to use
'import { minimatch } from "minimatch"' instead?
Models are confused about the case of the variables, which results into random validation errors. Keeping them the same helps to remove back and forth.
Adds test coverage for the previously untested git_status function.
The test verifies that the function returns valid git status output
containing branch information.
test files were being compiled into dist during build,
causing issues in docker environments. added exclude
pattern to tsconfig to skip __tests__ directory.
fixes#2928
The test was expecting forward slashes to always be converted to backslashes, but normalizePath() only does this on Windows (process.platform === 'win32'). On Linux/Unix, forward slashes are preserved.
Improved the fix by:
1. Removing relative path assertion from the "as is" test since it doesn't match intent
2. Adding a dedicated test that validates platform-specific behavior naturally without mocking
3. Using the actual platform instead of unreliable Object.defineProperty mocking
This approach is more reliable and clearly documents expected behavior per platform.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The afterEach function was used in the test file but not imported from vitest, causing a build failure. This was introduced in PR #2851.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace Jest dependencies with Vitest and @vitest/coverage-v8
- Update test scripts to use 'vitest run --coverage'
- Create vitest.config.ts for both servers with node environment and coverage settings
- Update all test files:
- Change imports from '@jest/globals' to 'vitest'
- Replace jest.mock() with vi.mock()
- Replace jest.fn() with vi.fn()
- Update mock clearing/restoring to use vi methods
- Remove jest.config.cjs files
- All 151 tests passing (24 in sequentialthinking, 127 in filesystem)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit ports the comprehensive elicitation field type demonstration
from modelcontextprotocol/example-remote-server PR #17 to the everything
server, while maintaining the better UX of the existing implementation.
Changes:
- Expanded elicitation schema to demonstrate 9 field types:
* string (plain and with default values)
* boolean
* email (format: "email")
* uri (format: "uri")
* date (format: "date")
* integer (with min/max and default)
* number (with min/max and default)
* enum with enumNames for human-readable labels
- Added required fields support (name field is required)
- Added 10-minute timeout to elicitation request
- Improved response handling to dynamically show all provided fields
- Updated tool description to reflect comprehensive field type support
- Removed unused requestElicitation helper function (inlined implementation)
- Removed unused ElicitRequest import
The implementation follows PR #17's approach of directly using
extra.sendRequest() while preserving the user-friendly response handling
with emojis and formatted output from the original implementation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
When get_localzone_name() returns None, the server now defaults to UTC
instead of raising an error. This makes the server more robust in
environments where the local timezone cannot be determined.
* * In src/everything/sse.ts
- import cors
- use cors with config allowing any origin + GET/POST
* In src/everything/streamableHttp.ts
- import cors
- use cors with config allowing any origin + GET/POST/DELETE, and exposed protocol headers for client to read
* In package.json and package-lock.json
- add cors as a dependency
* * In package.json and package-lock.json
- add @types/cors as dev dependency
* Add caution note for CORS origin wildcard usage
Added caution note for using '*' in CORS origin.
* * In streamableHttp.ts
- remove remove unintentional console log
* * In streamableHttp.ts
- add comment about why opening cors for all routes
* * In sse.ts
- add comment about using * with caution in production for cors
* * In sse.ts
- indent on cors config
---------
Co-authored-by: shaun smith <1936278+evalstate@users.noreply.github.com>
- bump TS SDK to 1.18.0
* In src/everything/stdio.ts
- remove logging related imports
- remove custom log-level handling, now handled automatically by the SDK
* In src/everything/everything.ts
- remove console.log of sessionId
- add .idea/ for Jetbrains IDEs
* in everything.ts
- remove import of SetLevelRequestSchema
- remove logLevel var
- add sessionId var
- in startNotificationIntervals function
- add optional sid argument
- set sessionId to sid
- define messages to be sent, adding sessionId if present
- remove setRequestHandler call for SetLevelRequestSchema
- replace server.notification calls that sent "notifications/message" objects with calls to server.sendLoggingMessage, passing just the parameters and sessionId.
* In package.json & package-lock.json
- bump TS SDK version to 1.17.5
* In sse.ts, pass transport.sessionId to startNotificationIntervals call
* In stdio.ts
- destructure startNotificationIntervals from createServer call
- implement custom logging request handler and server.sendLoggingMessage implementation, as a
workaround for the fact that the SDK's automatic log level handling currently only tracks requested log level by session id. This will be fixed in a followup PR for the SDK
- call the startNotificationIntervals function after connecting the transport to the server
* In streamableHttp.ts
- destructure startNotificationIntervals from createServer call
- call startNotificationIntervals passing the transport.sessionId after connecting the transport to the server
Fixes issue #474 - documentation mismatch where temperature was documented as (number) but TypeScript SDK only accepts string arguments via z.record(z.string())
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Ola Hungerford <olaservo@users.noreply.github.com>
* In everything.ts
- remove inappropriate elicitation entry from server capabilities (this is a client capability)
- When creating tool list, only add `ToolName.ELICITATION` definition to tools array if `clientCapabilities` includes `elicitation`
* In package.json / package-lock.json
- bump @modelcontextprotocol/sdk to "^1.17.4", adding `elicitation` to `ClientCapabilities` type
