update tools

[j4ys0n]

No description provided.

[j4ys0n]

Automated review 🤖

Summary of Changes
Adds three new compact-summary tools (msq_get_core_config_summary, msq_list_tool_functions, msq_list_server_tools) to provide iteration-friendly, flattened outputs for programmatic consumers, while preserving the original raw-response tools. Updates version to 0.3.3, adds ServerNameSchema, and introduces helper functions to transform nested object structures into arrays with counts. Documentation in README.md is expanded to explain the new tools and clarify output contracts.

Key Changes & Positives

• Introduces summarizeCoreConfig and summarizeToolInventories helpers in src/tools.ts to convert MissionSquad’s nested object-based responses into list-friendly arrays with consistent id fields and top-level counts — improves usability for agent/tool discovery workflows 🟢
• Adds msq_list_server_tools with serverName parameter in src/tools.ts to enable targeted tool inspection without loading full inventory — reduces payload size and improves performance for focused operations 🟢
• New test file test/tool-shaping.test.ts validates both summarization functions with realistic inputs — ensures correctness of transformation logic 🟢

Potential Issues & Recommendations

1. Issue / Risk: The summarizeToolInventories function assumes payload.tools is an array of objects keyed by server name, but does not validate the structure beyond isRecord checks; malformed payloads could yield empty or ambiguous results.
   Impact: Programmatic consumers may receive incomplete or misleading tool lists without clear error signals.
   Recommendation: Add explicit validation for payload.tools shape (e.g., using Zod schema) and log warnings or throw errors for unexpected structures.
   Status: 🟡 Needs review

2. Issue / Risk: msq_list_server_tools uses encodePathSegment(args.serverName) but no corresponding test covers path encoding edge cases (e.g., special characters, slashes).
   Impact: Malformed server names could cause HTTP 400/404 errors or security issues if encoding is insufficient.
   Recommendation: Add unit tests for encodePathSegment usage in msq_list_server_tools, including edge cases like ../ or %2F.
   Status: 🟡 Needs review

Language/Framework Checks

• summarizeCoreConfig and summarizeToolInventories in src/tools.ts use runtime type guards (isRecord, entriesToArray) instead of Zod parsing — consider replacing with Zod schemas for stricter validation and better TypeScript inference.
• ServerNameSchema in src/schemas.ts uses NonEmptyString — ensure NonEmptyString is imported and defined elsewhere (likely in shared utilities); missing definition would cause runtime errors.
• encodePathSegment usage in msq_list_server_tools assumes it exists and behaves like encodeURIComponent; verify its implementation handles all URL path reserved characters per RFC 3986.

Security & Privacy

• No sensitive data exposure introduced; all new tools wrap existing authenticated endpoints (core/config, core/tools, mcp/servers/{name}/tools) — no additional risk.
• msq_list_server_tools accepts serverName from user input; while encodePathSegment mitigates injection, ensure the underlying requestJson client sanitizes paths to prevent path traversal (e.g., ../../secrets).

Build/CI & Ops

• Version bump to 0.3.3 in package.json requires corresponding release notes and tag update.
• New test file test/tool-shaping.test.ts adds unit coverage — ensure CI runs Vitest and includes this file in coverage reports.

Tests

• test/tool-coverage.test.ts updated to include new tool names — verify CI enforces this list matches actual exported tools.
• test/tool-shaping.test.ts covers summarization logic but lacks edge cases: empty objects, missing keys, non-record values in nested maps. Add tests for these scenarios to prevent runtime errors.

Approval Recommendation
Approve with caveats

• Add Zod validation for payload.tools in summarizeToolInventories before merging.
• Verify encodePathSegment implementation and add path-encoding tests for msq_list_server_tools.
• Expand test/tool-shaping.test.ts to cover edge cases (empty inputs, missing keys, non-object values).