feat: MCP inventory (ecc.mcp.v1) — unified cross-harness MCP config view (#2146)

* feat: add MCP inventory (ecc.mcp.v1) across harnesses Read-only MCP-gateway groundwork: discover MCP server configs across every installed harness, normalize to a canonical ecc.mcp.v1 inventory, redact secrets, and report which servers are configured in 2+ harnesses (the configure-N-times pain). The read+dedup side of a unified gateway, mirroring how the session-adapter layer started read-only. Readers (per-harness config formats): - claude-code: ~/.claude.json mcpServers + project .mcp.json - codex: ~/.codex/config.toml [mcp_servers.*] TOML via @iarna/toml - opencode: ~/.config/opencode/opencode.json mcp block (command ARRAY) canonical-mcp.js: - normalize transport labels (local=>stdio, remote=>http) to stdio/http/sse - merge servers by name across harnesses; flag DRIFT when signatures differ - fragmentation report + aggregates - SECRET REDACTION: env values stripped to key names; secrets in args (--modelApiKey sk-ant-...), inline --flag=secret, and URL userinfo/token query params all redacted before storage AND before the dedup signature. scripts/mcp-inventory.js: CLI (--json, --fragmented, --help). tests/lib/mcp-inventory.test.js: 12 tests incl. a regression for the real arg-carried-secret leak found while smoke-testing on live configs. Tests: 12/0. Real-data smoke: 33 servers across 3 harnesses, 21 configured in 2+ harnesses (7 drift); secret-leak audit clean. * test: cover reader error paths, collect skip-logic, and CLI main() for mcp-inventory Lift global branch coverage past the 80% gate (was 79.86%). Adds 6 tests exercising: missing-file/malformed-JSON/missing-block reader fallbacks, codex no-parser path, collect skipping non-function readers and swallowing reader errors, CLI usage()/main() help+json+human paths, and formatHumanReport no-fragmentation + fragmented-only branches. Also scrub a real API-key fragment that had leaked into a test fixture; all secret-like fixtures are now obviously-fake FAKE... tokens. mcp-inventory.js branch 30%->93%, collect.js ->100%. Global branch 80.33%.
2026-06-13 19:51:24 +08:00 · 2026-06-06 03:55:17 +08:00
parent ab5e17fea9
commit 7113b5bf63
7 changed files with 990 additions and 0 deletions
@@ -0,0 +1,73 @@
+'use strict';
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+// OpenCode stores MCP servers under "mcp" in ~/.config/opencode/opencode.json.
+// Shape differs from Claude/Codex:
+//   { type: "local"|"remote", command: ["npx","-y","pkg"], environment: {},
+//     enabled: bool, url: "https://..." }
+// command is an ARRAY (binary + args combined); environment (not env) holds
+// secrets; type "local" => stdio, "remote" => http/sse.
+function mapOpencodeServer(name, raw, configPath) {
+  if (!raw || typeof raw !== 'object') {
+    return null;
+  }
+
+  const commandArray = Array.isArray(raw.command) ? raw.command.filter(item => typeof item === 'string') : [];
+  const [command, ...args] = commandArray;
+
+  return {
+    name,
+    type: typeof raw.type === 'string' ? raw.type : (raw.url ? 'remote' : 'local'),
+    command: command || (typeof raw.command === 'string' ? raw.command : null),
+    args: command ? args : (Array.isArray(raw.args) ? raw.args : []),
+    url: typeof raw.url === 'string' ? raw.url : null,
+    env: raw.environment && typeof raw.environment === 'object'
+      ? raw.environment
+      : (raw.env && typeof raw.env === 'object' ? raw.env : {}),
+    enabled: raw.enabled === false ? false : true,
+    source: {
+      harness: 'opencode',
+      scope: 'user',
+      configPath
+    }
+  };
+}
+
+function readOpencodeMcp(options = {}) {
+  const homeDir = options.homeDir || os.homedir();
+  const candidatePaths = options.configPath
+    ? [options.configPath]
+    : [
+      path.join(homeDir, '.config', 'opencode', 'opencode.json'),
+      path.join(homeDir, '.config', 'opencode', 'config.json'),
+      path.join(homeDir, '.opencode.json')
+    ];
+
+  const configPath = candidatePaths.find(candidate => fs.existsSync(candidate) && fs.statSync(candidate).isFile());
+  if (!configPath) {
+    return [];
+  }
+
+  let parsed;
+  try {
+    parsed = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+  } catch {
+    return [];
+  }
+
+  const block = parsed && typeof parsed.mcp === 'object' && parsed.mcp
+    ? parsed.mcp
+    : (parsed && typeof parsed.mcpServers === 'object' && parsed.mcpServers ? parsed.mcpServers : {});
+
+  return Object.entries(block)
+    .map(([name, raw]) => mapOpencodeServer(name, raw, configPath))
+    .filter(Boolean);
+}
+
+module.exports = {
+  readOpencodeMcp,
+  mapOpencodeServer
+};