ReviewMCP

Instructions

Implementation Reference

• src/config/security.ts:250-281 (handler)

  Core handler function that executes the logic for 'review.security.compare': loads security config from ReviewExtention via Ruby script, compares it with the current MCP config on key fields (maxFileSize, allowedExtensions, allowedPaths), and returns matching status and differences.
  export async function compareWithReviewExtention( cwd: string, currentConfig: SecurityConfig ): Promise<{ matching: boolean; differences: string[] }> { const reviewExtConfig = await loadFromReviewExtention(cwd); if (!reviewExtConfig) { return { matching: false, differences: ["ReviewExtention config not available"] }; } const differences: string[] = []; if (currentConfig.maxFileSize !== reviewExtConfig.maxFileSize) { differences.push(`Max file size: MCP=${currentConfig.maxFileSize}, ReviewExt=${reviewExtConfig.maxFileSize}`); } const extDiff = arrayDifference(currentConfig.allowedExtensions, reviewExtConfig.allowedExtensions); if (extDiff.length > 0) { differences.push(`Allowed extensions differ: ${extDiff.join(", ")}`); } const pathDiff = arrayDifference(currentConfig.allowedPaths, reviewExtConfig.allowedPaths); if (pathDiff.length > 0) { differences.push(`Allowed paths differ: ${pathDiff.join(", ")}`); } return { matching: differences.length === 0, differences }; }
• src/index.ts:393-401 (schema)

  Tool schema definition: name, description, and input schema requiring 'cwd'.
  { name: "review.security.compare", description: "Compare MCP config with ReviewExtention config to ensure SSOT", inputSchema: { type: "object", properties: { cwd: { type: "string" } }, required: ["cwd"] } }
• src/index.ts:717-733 (registration)

  Registration of the tool handler in the MCP server's CallToolRequestSchema switch statement; delegates to the core compareWithReviewExtention function.
  case "review.security.compare": { const currentConfig = await loadSecurityConfig(args.cwd as string); const comparison = await compareWithReviewExtention(args.cwd as string, currentConfig); return { content: [ { type: "text", text: JSON.stringify({ currentSource: currentConfig.source, matching: comparison.matching, differences: comparison.differences }) } ] }; }
• src/config/security.ts:283-296 (helper)

  Helper function used by the handler to compute symmetric differences between allowed extensions and paths arrays.
  function arrayDifference(arr1: string[], arr2: string[]): string[] { const set1 = new Set(arr1); const set2 = new Set(arr2); const diff: string[] = []; for (const item of set1) { if (!set2.has(item)) diff.push(`+${item}`); } for (const item of set2) { if (!set1.has(item)) diff.push(`-${item}`); } return diff; }
• src/config/security.ts:73-113 (helper)

  Helper function to load security config directly from ReviewExtention Ruby extension by executing a dynamic Ruby script that requires './review-ext.rb' and dumps constants as JSON.
  async function loadFromReviewExtention(cwd: string): Promise<SecurityConfig | null> { try { const rubyScript = ` begin require_relative './review-ext.rb' require 'json' config = { max_file_size: defined?(MAX_FILE_SIZE) ? MAX_FILE_SIZE : 1048576, allowed_extensions: defined?(ALLOWED_EXTENSIONS) ? ALLOWED_EXTENSIONS : [], allowed_paths: defined?(ALLOWED_PATHS) ? ALLOWED_PATHS : [], block_absolute_paths: defined?(BLOCK_ABSOLUTE_PATHS) ? BLOCK_ABSOLUTE_PATHS : true, block_traversal: defined?(BLOCK_TRAVERSAL) ? BLOCK_TRAVERSAL : true } puts JSON.generate(config) rescue LoadError => e exit 1 end `; const result = await execp("ruby", ["-e", rubyScript], { cwd, timeout: 5000 }); const parsed = JSON.parse(result.stdout); return { maxFileSize: parsed.max_file_size, allowedExtensions: parsed.allowed_extensions, allowedPaths: parsed.allowed_paths, blockAbsolutePaths: parsed.block_absolute_paths, blockTraversal: parsed.block_traversal, source: "reviewextention", timestamp: new Date().toISOString() }; } catch { return null; } }