@gleanwork/configure-mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    68:     if (!result.instance && !result.url) {
    69:         if (process.env.GLEAN_URL) {
>>> 70:             result.url = process.env.GLEAN_URL;
    71:         }
    72:         else if (process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    70:             result.url = process.env.GLEAN_URL;
    71:         }
>>> 72:         else if (process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN) {
    73:             result.instance =
    74:                 process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    72:         else if (process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN) {
    73:             result.instance =
>>> 74:                 process.env.GLEAN_INSTANCE || process.env.GLEAN_SUBDOMAIN;
    75:         }
    76:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    76:     }
    77:     if (!result.apiToken) {
>>> 78:         result.apiToken = process.env.GLEAN_API_TOKEN;
    79:     }
    80:     return result;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    125:         process.exit(1);
    126:     }
>>> 127:     if (options.instance && process.env._SKIP_INSTANCE_PREFLIGHT !== 'true') {
    128:         trace(`Validating instance: ${options.instance}...`);
    129:         if (!(await validateInstance(options.instance))) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    148:             // Remote: URL required, token optional (DCR is default)
    149:             if (!url) {
>>> 150:                 throw new Error('Remote configuration requires a URL (--url). Please provide it via command line options or in your .env file.');
    151:             }
    152:             if (apiToken) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    160:             // Local: both instance and token required
    161:             if (!instance && !url) {
>>> 162:                 throw new Error('Local configuration requires an instance (--instance) or URL. Please provide it via command line options or in your .env file.');
    163:             }
    164:             if (!apiToken) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    163:             }
    164:             if (!apiToken) {
>>> 165:                 throw new Error('Local configuration requires an API token (--token). Please provide it via command line options or in your .env file.');
    166:             }
    167:             trace('Local configuration with instance and token');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    255:         const exampleClient = clients[0][0];
    256:         console.log(`  npx @gleanwork/configure-mcp-server --client ${exampleClient} --token your-token --instance your-instance`);
>>> 257:         console.log(`  npx @gleanwork/configure-mcp-server --client ${exampleClient} --env ~/.glean.env`);
    258:     }
    259:     console.log(`\nVersion: v${VERSION}`);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    272:     const hasDeployment = Boolean(instance || url);
    273:     const hasToken = Boolean(token);
>>> 274:     const hasEnvironmentToken = Boolean(process.env.GLEAN_API_TOKEN);
    275:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
    276:         process.env.GLEAN_SUBDOMAIN ||

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    273:     const hasToken = Boolean(token);
    274:     const hasEnvironmentToken = Boolean(process.env.GLEAN_API_TOKEN);
>>> 275:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
    276:         process.env.GLEAN_SUBDOMAIN ||
    277:         process.env.GLEAN_URL);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    274:     const hasEnvironmentToken = Boolean(process.env.GLEAN_API_TOKEN);
    275:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
>>> 276:         process.env.GLEAN_SUBDOMAIN ||
    277:         process.env.GLEAN_URL);
    278:     const hasEnvParam = Boolean(env);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    289:         console.error('  1. Both --token and --instance for local configuration, or');
    290:         console.error('  2. --url for remote configuration, or');
>>> 291:         console.error('  3. --env pointing to a .env file with configuration');
    292:         console.error('Run with --help for usage information');
    293:         return false;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    275:     const hasEnvironmentInstance = Boolean(process.env.GLEAN_INSTANCE ||
    276:         process.env.GLEAN_SUBDOMAIN ||
>>> 277:         process.env.GLEAN_URL);
    278:     const hasEnvParam = Boolean(env);
    279:     const hasAnyInstance = Boolean(hasDeployment || hasEnvironmentInstance);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    56: Examples:
    57:   $ npx -y @gleanwork/configure-mcp-server local --client cursor --token xxx --instance acme
>>> 58:   $ npx -y @gleanwork/configure-mcp-server local --client vscode --env ~/.glean.env
    59:   $ npx -y @gleanwork/configure-mcp-server local --client vscode --workspace --token xxx --instance acme
    60: `)

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    50:         .option('-i, --instance <instance>', 'Glean instance name')
    51:         .option('-t, --token <token>', 'Glean API token (required)')
>>> 52:         .option('-e, --env <path>', 'Path to .env file containing GLEAN_INSTANCE and GLEAN_API_TOKEN')
    53:         .option('--workspace', 'Create workspace configuration instead of global (VS Code only)')
    54:         .option('--trace', 'Enable trace logging')

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    50: 
    51: ```bash
>>> 52: npx -y @gleanwork/configure-mcp-server local --client cursor --env path/to/.env.glean
    53: ```
    54: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    99:   $ npx -y @gleanwork/configure-mcp-server remote --client cursor --url https://my-be.glean.com/mcp/default
    100:   $ npx -y @gleanwork/configure-mcp-server remote --client cursor --url https://my-be.glean.com/mcp/default --token xxx
>>> 101:   $ npx -y @gleanwork/configure-mcp-server remote --client vscode --url https://my-be.glean.com/mcp/default --env ~/.glean.env
    102: `)
    103:         .action(async (options) => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    92:         .option('-u, --url <url>', 'Full MCP server URL (required, e.g., https://my-be.glean.com/mcp/default)')
    93:         .option('-t, --token <token>', 'Glean API token (optional, OAuth will be used if not provided)')
>>> 94:         .option('-e, --env <path>', 'Path to .env file containing GLEAN_URL and optionally GLEAN_API_TOKEN')
    95:         .option('--workspace', 'Create workspace configuration instead of global (VS Code only)')
    96:         .option('--trace', 'Enable trace logging')

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    106:         }
    107:         const configPaths = clientInfo.configPath;
>>> 108:         if (process.env.GLEAN_MCP_CONFIG_DIR) {
    109:             const platform = process.platform;
    110:             const pathTemplate = configPaths[platform];

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    116:                 .replace(/^\$HOME[\\/]?/, '')
    117:                 .replace(/^%USERPROFILE%[\\/]?/, '');
>>> 118:             return path.join(process.env.GLEAN_MCP_CONFIG_DIR, relativePath);
    119:         }
    120:         const platform = process.platform;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    299: You must provide either:
    300:   1. Both --token and --instance, or
>>> 301:   2. --env pointing to a .env file containing GLEAN_API_TOKEN and GLEAN_INSTANCE
    302: 
    303: Continuing with configuration, but you will need to set credentials manually later."

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    17: import { VERSION } from '../common/version.js';
    18: /**
>>> 19:  * Load environment variables from .env file or existing environment
    20:  */
    21: function loadCredentials(options) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    32:                 : options.envPath;
    33:             if (!fs.existsSync(envPath)) {
>>> 34:                 console.error(`Warning: .env file not found at ${envPath}`);
    35:             }
    36:             else {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    37:                 const envConfig = dotenv.config({ path: envPath, quiet: true });
    38:                 if (envConfig.error) {
>>> 39:                     throw new Error(`Failed to parse .env file: ${envConfig.error.message}`);
    40:                 }
    41:                 // Check for URL first, then instance

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    52:         }
    53:         catch (error) {
>>> 54:             console.error(`Error loading .env file: ${error.message}`);
    55:         }
    56:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    67:     // Fall back to environment variables if not set via options or env file
    68:     if (!result.instance && !result.url) {
>>> 69:         if (process.env.GLEAN_URL) {
    70:             result.url = process.env.GLEAN_URL;
    71:         }

Decoded base64 content: �+-J�i��^t)bz{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: <svg viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M24.3006 2.95427L2

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �+a��ۖ���������ަ�"���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���z�ۖ�������Ԅ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qzj-x����&�'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Qzj-x����&�'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���ਝ��M驕�^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��b������Ʃ�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r����qǬ�Ǭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��aE�(���:���'^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��aE�(���:���'^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r����qǬ�Ǭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �+-J�i��^t)bz{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �+-J�i��^t)bz{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �+-J�i��^t)bz{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    1: # @gleanwork/configure-mcp-server
    2: 
>>> 3: [![GA](https://img.shields.io/badge/-GA-F6F3EB?style=flat-square&logo=data:image/svg+xml;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMzIgMzIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxwYXRoIGQ9Ik0yNC4zMDA2IDIuOTU0MjdMMjAuNzY1NiAwLjE5OTk1MUwxNy45MDI4IDMuOTk1MjdDMTMuNTY1MyAxLjkzNDk1IDguMjMwMTkgMy4wODQzOSA1LjE5Mzk0IDcuMDA5ODNDMS42NTg4OCAxMS41NjQyIDIuNDgzIDE4LjExMzggNy4wMzczOCAyMS42NDg5QzguNzcyMzggMjIuOTkzNSAxMC43ODkzIDIzLjcwOTIgMTIuODI3OSAyMy44MTc3QzE2LjE0NjEgMjQuMDEyOCAxOS41MDc3IDIyLjYyNDggMjEuNjc2NSAxOS44MDU1QzI0LjczNDQgMTUuODggMjQuNTE3NSAxMC40MTQ4IDIxLjQ1OTYgNi43Mjc4OUwyNC4zMDA2IDIuOTU0MjdaTTE4LjExOTcgMTcuMDUxMkMxNi4xMDI4IDE5LjYzMiAxMi4zNzI1IDIwLjEwOTEgOS43NzAwMSAxOC4wOTIyQzcuMTg5MTkgMTYuMDc1MiA2LjcxMjA3IDEyLjMyMzMgOC43MjkwMSA5Ljc0MjQ2QzkuNzA0OTQgOC40ODQ1OCAxMS4xMTQ2IDcuNjgyMTQgMTIuNjc2MSA3LjQ4Njk2QzEzLjA0NDggNy40NDM1OCAxMy40MTM1IDcuNDIxOSAxMy43ODIyIDcuNDQzNThDMTQuOTc1IDcuNTA4NjUgMTYuMTI0NCA3Ljk0MjM5IDE3LjA3ODcgOC42Nzk3N0MxOS42NTk1IDEwLjcxODQgMjAuMTM2NiAxNC40NzAzIDE4LjExOTcgMTcuMDUxMloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0yNC41MTc2IDIxLjY5MjJDMjMuOTMyIDIyLjQ1MTMgMjMuMjgxNCAyMy4xMjM2IDIyLjU2NTcgMjMuNzUyNUMyMS44NzE3IDI0LjMzODEgMjEuMTEyNyAyNC44ODAzIDIwLjMxMDIgMjUuMzM1N0MxOS41Mjk1IDI1Ljc2OTUgMTguNjgzNyAyNi4xMzgyIDE3LjgzNzggMjYuNDIwMUMxNi45OTIgMjYuNzAyIDE2LjEwMjggMjYuODk3MiAxNS4yMTM3IDI3LjAwNTdDMTQuMzI0NSAyNy4xMTQxIDEzLjQzNTMgMjcuMTU3NSAxMi41MjQ0IDI3LjA5MjRDMTEuNjEzNSAyNy4wMjczIDEwLjcyNDMgMjYuODc1NSA5Ljg1Njg0IDI2LjY1ODdMOS42NjE2NSAyNy4zNzQzTDguNzcyNDYgMzAuOTk2MkM5LjkwMDIxIDMxLjI5OTggMTEuMDQ5NyAzMS40NzMzIDEyLjIyMDggMzEuNTZDMTIuMjY0MiAzMS41NiAxMi4zMjkyIDMxLjU2IDEyLjM3MjYgMzEuNTZDMTMuNTAwMyAzMS42MjUxIDE0LjY0OTggMzEuNTgxNyAxNS43NTU4IDMxLjQ1MTZDMTYuOTI3IDMxLjI5OTggMTguMDk4MSAzMS4wMzk1IDE5LjIyNTggMzAuNjcwOEMyMC4zNTM2IDMwLjMwMjIgMjEuNDU5NyAyOS44MjUgMjIuNTAwNyAyOS4yMzk1QzIzLjU2MzQgMjguNjUzOSAyNC41NjEgMjcuOTM4MiAyNS40OTM1IDI3LjE1NzVDMjYuNDQ3OCAyNi4zNTUgMjcuMzE1MyAyNS40NDQyIDI4LjA3NDQgMjQuNDQ2NUMyOC4xODI4IDI0LjMxNjQgMjguMjY5NSAyNC4xNjQ2IDI4LjM3OCAyNC4wMTI4TDI0Ljc3NzkgMjEuMzQ1MkMyNC42Njk0IDIxLjQ1MzcgMjQuNjA0NCAyMS41ODM4IDI0LjUxNzYgMjEuNjkyMloiIGZpbGw9IndoaXRlIi8+Cjwvc3ZnPg==&labelColor=343CED)](https://github.com/gleanwork/.github/blob/main/docs/repository-stability.md#ga)
    4: ![CI Build](https://github.com/gleanwork/configure-mcp-server/actions/workflows/ci.yml/badge.svg)
    5: [![npm version](https://badge.fury.io/js/@gleanwork%2Fconfigure-mcp-server.svg)](https://badge.fury.io/js/@gleanwork%2Fconfigure-mcp-server)

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.