npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mako10k/shell-server

v0.3.0

Published

Shell execution daemon and runtime utilities for MCP tools.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mako10kmako10k

Keywords

Readme

shell-server

Shared foundation for MCP Shell Server. This repo contains the core runtime, server management layer, daemon IPC, tools, and security modules used by interface layers (mcp-shell, VS Code extension, etc.).

Install

npm install @mako10k/shell-server

Run

npx -y @mako10k/shell-server

You can override the daemon socket and workspace namespace via flags or env vars.

shell-server --socket /tmp/mcp-shell/daemon.sock --cwd /path/to/repo --branch main

--branch is used for daemon socket namespace selection (not Git checkout branch selection).

Option precedence for socket path resolution:

  • --socket (explicit socket path)
  • SHELL_SERVER_DAEMON_SOCKET
  • auto-generated from --cwd/SHELL_SERVER_DAEMON_CWD + --branch/SHELL_SERVER_DAEMON_BRANCH

In other words, --branch affects the socket path only when an explicit socket path is not provided.

Default values (when options are omitted):

  • --cwd: current process working directory (process.cwd())
  • --branch: SHELL_SERVER_DAEMON_BRANCH -> SHELL_SERVER_BRANCH -> main
  • --socket: SHELL_SERVER_DAEMON_SOCKET or auto-generated as $XDG_RUNTIME_DIR|os.tmpdir()/mcp-shell/<sha256(cwd)>/<branch>/daemon.sock

shell-server-cli

shell-server-cli [--socket <path>] [--cwd <path>] [--branch <name>] [subcmd [subcmd options]]

Subcmd (function name):

  • status
  • info
  • attach
  • detach
  • reattach
  • stop
  • tool (see Tool subcommand section below)
  • help

Tool subcommand:

shell-server-cli [connection options] tool <tool-name> [--tool-option <value> ...]

AWS CLI-style extensions:

  • --input-json <json|@file>: provide tool params as JSON object
  • --query <expr>: filter JSON output with jq expression
    • engine order: node-jq -> system jq -> built-in simple query fallback

Examples:

shell-server-cli --branch main tool shell-execute --input-json '{"command":"echo hello","foreground_wait_seconds":10}'
shell-server-cli --branch main tool shell-execute --command "echo hello" --execution-mode foreground --query '.result.stdout'
shell-server-cli --branch main tool server-reattach --server-id '<server-id>' --config-updates '{"enhanced_mode_enabled":false,"llm_evaluation_enabled":false}'

Help and schema inspection:

shell-server-cli --help
shell-server-cli tool help
shell-server-cli tool shell-execute --help
  • <tool-name> accepts kebab-case and is converted to internal snake_case.
    • Example: shell-execute -> shell_execute
  • tool options use --kebab-case and are converted to internal snake_case keys.
    • Example: --working-directory -> working_directory
  • tool option values are parsed as JSON literals when possible; otherwise they are treated as strings.

Example:

shell-server-cli --branch main tool shell-execute --command "echo hello" --execution-mode "foreground"

shell-server-cli uses the same connection option resolution rules as shell-server.

Runtime config synchronization on reattach:

  • server_reattach supports optional config_updates payload.
  • Updates are applied daemon-side without restart.
  • Invalid payloads return explicit validation errors (e.g. invalid_config_payload:*).
  • info response includes configVersion for effective daemon config tracking.

Breaking Changes (v0.2.0)

v0.2.0 includes intentional breaking changes to remove MCP-specific naming from generic server components.

  • Env var prefix changed from MCP_SHELL_* to SHELL_SERVER_*.
  • Child daemon socket file changed from mcp.sock to child.sock.
  • Server/daemon info field changed from mcpSocketPath to childSocketPath.
  • Runtime error export changed from MCPShellError to ShellServerError.

No backward-compatible fallback is provided in v0.2.0. Update all existing environment variables and client-side field references before upgrading.

Build

npm install
npm run build

Release

Stable release checklist (short version):

  1. Update CHANGELOG.md ([Unreleased]) and split next version section.
npm run changelog:release -- <version>
  1. Run pre-commit quality checks.
npm install
npm run build
npm audit
npm run test:e2e
  1. Bump version (SemVer) without auto tag/commit.
npm version patch --no-git-tag-version
# or: npm version minor --no-git-tag-version
# or: npm version major --no-git-tag-version
  1. Commit release changes and create annotated tag.
git add package.json package-lock.json CHANGELOG.md
git commit -m "chore(release): <version>"
git tag -a v<version> -m "Release v<version>"
  1. Push branch and tag.
git push origin main
git push origin v<version>
  1. Publish package and update GitHub Release.
npm publish
gh release create v<version> --title "v<version>" --generate-notes
# if release already exists:
gh release edit v<version> --title "v<version>" --notes-file <release-note-file>

Detailed fixed procedure for automation/Copilot is documented in .github/copilot-instruction.md.

Exports

  • @mako10k/shell-server/runtime
  • @mako10k/shell-server/tool-runtime

Environment

  • SHELL_SERVER_DAEMON_SOCKET (socket path override)
  • SHELL_SERVER_DAEMON_CWD (working directory override)
  • SHELL_SERVER_DAEMON_BRANCH (branch namespace override)
  • SHELL_SERVER_MAX_CONCURRENT_PROCESSES (max concurrent executions; default 8)

Evaluator Errors (HTTP Analogy)

When shell_execute uses the enhanced evaluator, daemon/tool errors include structured evaluator_error metadata. These codes use an HTTP-style analogy for quick triage.

  • EVALUATOR_CONTRACT_MISMATCH -> 409 Conflict
    • Meaning: prompt/tool contract is inconsistent (deterministic client/runtime bug)
    • Retry: no
    • Daemon behavior: may detach current attached client (disconnectClient: true)
  • EVALUATOR_TOOL_ARGS_INVALID -> 422 Unprocessable Content
    • Meaning: model returned malformed tool arguments
    • Retry: yes
    • Daemon behavior: keep connection
  • EVALUATOR_LLM_NO_TOOL_CALL -> 502 Bad Gateway
    • Meaning: model failed to return required function/tool call
    • Retry: yes
    • Daemon behavior: keep connection
  • EVALUATOR_PROVIDER_UNAVAILABLE -> 503 Service Unavailable
    • Meaning: upstream model provider or adapter unavailable
    • Retry: yes
    • Daemon behavior: keep connection
  • EVALUATOR_TIMEOUT -> 504 Gateway Timeout
    • Meaning: evaluator timed out / max internal retries reached
    • Retry: yes
    • Daemon behavior: keep connection
  • EVALUATOR_INTERNAL_ERROR -> 500 Internal Server Error
    • Meaning: unexpected evaluator-side fault
    • Retry: usually no
    • Daemon behavior: keep connection

Notes:

  • Security remains fail-closed for command execution (deny on evaluator failure).
  • Daemon process remains alive; only the affected client session may be detached for non-retryable contract mismatch.