AI Development Pipeline MCP

Instructions

Implementation Reference

• local-mcp-server.ts:72-104 (handler)

  Full implementation of the run_shell_command tool: registers the tool with McpServer, defines input schema, description, and the handler logic that validates the command, executes it securely with child_process.exec (limited timeout and buffer), handles errors, and sanitizes stdout.
  server.tool( 'run_shell_command', 'Run a whitelisted shell command in the workspace (npm, yarn, git, node, npx, tsc, eslint, prettier)', { command: z.string() }, async ({ command }) => { return new Promise((resolve) => { try { validateCommand(command); exec(command, { cwd: WORKSPACE_ROOT, timeout: 30000, // 30 second timeout maxBuffer: 1024 * 1024 // 1MB max output }, (error, stdout, stderr) => { if (error) { resolve({ content: [{ type: 'text', text: `Error: ${stderr || error.message}` }] }); } else { // Sanitize output to prevent log injection const sanitizedOutput = stdout.replace(/[\x00-\x1f\x7f-\x9f]/g, ''); resolve({ content: [{ type: 'text', text: sanitizedOutput }] }); } }); } catch (err: any) { resolve({ content: [{ type: 'text', text: `Security error: ${err.message}` }] }); } }); } );
• local-mcp-server.ts:75-75 (schema)

  Zod-based input schema for the tool: requires a 'command' string parameter.
  { command: z.string() },
• local-mcp-server.ts:24-31 (helper)

  Security helper function that splits the command and checks if the base command is whitelisted.
  function validateCommand(command: string): void { const commandParts = command.trim().split(/\s+/); const baseCommand = commandParts[0]; if (!ALLOWED_COMMANDS.includes(baseCommand)) { throw new Error(`Command '${baseCommand}' is not allowed`); } }
• local-mcp-server.ts:10-12 (helper)

  Constant array defining the whitelisted shell commands permitted by the tool.
  const ALLOWED_COMMANDS = [ 'npm', 'yarn', 'git', 'node', 'npx', 'tsc', 'eslint', 'prettier' ];