rovo79 commented Nov 18, 2025
- Added Drush tools for status and module/theme listing.
- Introduced Composer tools for fetching project information and outdated dependencies.
- Created project manifest feature to summarize Drupal project context.
- Enhanced error handling and response formatting for CLI commands.
- Implemented HTTP and STDIO transports to handle requests for project manifest, Drush status, and Composer info.
- Introduced caching for Drush PML data to improve performance.
- Updated server state management to include configuration and operation logging.
- Added comprehensive documentation for DriftCore agents in AGENTS.md, detailing usage patterns, available resources, and safety constraints.
- Removed the VSCode extension and associated files as they are no longer needed.
- Deleted example Drupal sandbox setup and configuration files to streamline the repository.
- Removed the agent runner package and its related files, simplifying the project structure.
- Added a feature specification document for the DriftCore v0.1 single-project MCP server, outlining user scenarios, requirements, and API specifications.
💡 Codex Review
Here are some automated review suggestions for this pull request.
| return new Promise<CliExecutionResult>((resolve) => { | ||
| scheduleExecution(maxParallel, () => { | ||
| const child = spawn(command, args, { | ||
| cwd, | ||
| env: { ...process.env, ...env }, | ||
| stdio: ["ignore", "pipe", "pipe"], |
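Review bot: on the `env:` line, the caller-supplied `env` is spread last with no restriction on key names, so an override can replace `PATH` or set any other variable for the spawned child. Check override keys against an allowlist before merging them, and build the base object from named keys rather than from all of `process.env`.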
Sanitize CLI environment before spawning child processes
The v0.1 spec (specs/001-driftcore-single-project/spec.md, lines 270‑273) requires that “Environment variables MUST be sanitized; only required values are inherited.” but runCliCommand currently forwards the entire process.env into every Drush/Composer subprocess (env: { ...process.env, ...env }). That means any secret or unstable configuration defined in the host environment (API tokens, SSH keys, proxy variables, etc.) is implicitly injected into every tool invocation, defeating the safety guarantee the spec calls for and making behavior depend on unrelated environment state. Please construct a minimal, whitelisted env (e.g., only PATH plus the explicit overrides) before spawning.
Useful? React with 👍 / 👎.
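One way to build the minimal, allowlisted environment the review comment asks for, as an added example that is not DriftCore's code. The names `buildChildEnv`, `DEFAULT_INHERIT`, `REFUSED_OVERRIDES` and the sample values are assumptions made for illustration; the refusal list for overrides goes slightly beyond what the comment requests.

```typescript
type Env = Record<string, string | undefined>;

// Host variables a child may inherit. PATH follows the review comment;
// extend per tool (assumption: Composer may also need HOME).
const DEFAULT_INHERIT: readonly string[] = ["PATH"];

// Variable names must look like ordinary identifiers.
const VALID_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Overrides that change how the child loads code are refused (assumed list).
const REFUSED_OVERRIDES = /^(?:LD_.*|DYLD_.*|NODE_OPTIONS|BASH_ENV)$/;

function buildChildEnv(
  hostEnv: Env,
  overrides: Env = {},
  inherit: readonly string[] = DEFAULT_INHERIT,
): Record<string, string> {
  const out: Record<string, string> = {};
  for (const key of inherit) {
    const value = hostEnv[key];
    if (typeof value === "string") out[key] = value; // copy named keys only
  }
  for (const key of Object.keys(overrides)) {
    const value = overrides[key];
    if (value === undefined) continue;
    if (!VALID_NAME.test(key) || REFUSED_OVERRIDES.test(key)) {
      throw new Error("refused environment override: " + key);
    }
    out[key] = value; // explicit overrides win over inherited values
  }
  return out;
}

// Constructed host environment (sample values, not real secrets).
const sampleHostEnv: Env = {
  PATH: "/usr/local/bin:/usr/bin:/bin",
  HOME: "/home/dev",
  GITHUB_TOKEN: "constructed-token",
  SSH_AUTH_SOCK: "/tmp/ssh-agent.sock",
  HTTPS_PROXY: "http://proxy.example:3128",
};

// Returns the variable names a Composer child would receive.
function demo(): string[] {
  const env = buildChildEnv(sampleHostEnv, { COMPOSER_NO_INTERACTION: "1" }, ["PATH", "HOME"]);
  return Object.keys(env).sort();
}
```

The returned object would be passed as the `env` option of `spawn` in place of `{ ...process.env, ...env }`, with `process.env` supplied as `hostEnv`.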