feat(sdk): add serve-bridge MCP server & rename mcp → daemon-mcp

[jifeng]

Summary

为 qwen serve daemon 添加 MCP Server 桥接层（qwen-serve-bridge），使任何 MCP 兼容客户端（Qoder、Claude Desktop、Cursor）可通过 stdio 协议与 qwen-code agent 交互。

本次改动的 Commits

以下是本 PR 的核心改动，其余 commit 来自合并 daemon_mode_b_main 基线分支：

Commit	说明
ce7a8afc5	feat(sdk): add MCP server bridge wrapping qwen serve HTTP API
0f2f6e6a9	docs(sdk): add README for qwen-serve-bridge MCP server
908158459	chore(sdk): update copyright year to 2026 in serve-bridge files
8d0e287ec	fix(sdk): correct file_stat/dir_list/glob endpoints and add process signal handling
0495564e8	docs(sdk): add external usage instructions for qwen-serve-bridge
29f91672e	fix(sdk): collect agent response text via SSE in prompt tool
e6d20dddf	refactor(sdk): rename src/mcp to src/daemon-mcp
7ccae9971	docs(sdk): update README paths after mcp → daemon-mcp rename
2eaef8829	test(sdk): add unit tests for serve-bridge MCP server
9b505eb95	feat(sdk): implement persistent SSE connection for serve-bridge prompt
e133f076e	fix(sdk): resolve P0 issues in serve-bridge MCP tools
1d6535d95	refactor(sdk): improve daemon-mcp architecture (P1/P2 fixes)
902233b39	fix(sdk): use bracket notation for process.env access in bin.ts

核心变更

新增: qwen-serve-bridge MCP Server

• 31 个 MCP 工具: session 管理(8)、agent 交互(2)、workspace 读(10)、workspace 写(9)、基础设施(2)
• 持久 SSE 连接: session_create 时建立，prompt 工具通过共享连接收集响应，消除竞态条件
• CLI 入口: qwen-serve-mcp bin，通过环境变量配置 (QWEN_DAEMON_URL, QWEN_DAEMON_TOKEN)

重构: src/mcp → src/daemon-mcp

• 目录重命名以明确职责
• 拆分 types.ts → types.ts + sse.ts + helpers.ts（关注点分离）
• 清理 formatters.ts 未使用导出

DaemonClient 扩展

• 新增 fileStat(), dirList(), glob() 方法
• 消除 serve-bridge 中的 raw fetch 绕行

外部项目使用方式

{
  "mcpServers": {
    "qwen-serve-bridge": {
      "command": "node",
      "args": ["/path/to/packages/sdk-typescript/dist/daemon-mcp/serve-bridge/bin.js"],
      "env": {
        "QWEN_DAEMON_URL": "http://127.0.0.1:4170",
        "QWEN_DAEMON_TOKEN": "qwen-local-dev"
      }
    }
  }
}

Validation

# 单元测试 (23 tests pass)
cd packages/sdk-typescript && npx vitest run test/unit/serve-bridge.test.ts

# 端到端验证 (session_create → prompt → session_close)
node -e "..." # 详见 README

# MCP 协议验证
echo '{"jsonrpc":"2.0","id":1,"method":"initialize",...}' | node dist/daemon-mcp/serve-bridge/bin.js
# → 返回 serverInfo: {name: "qwen-serve-bridge", version: "1.0.0"}
# tools/list → 31 tools

文件改动范围 (仅列出本次新增/修改)

packages/sdk-typescript/
├── src/daemon-mcp/
│   ├── formatters.ts          (精简)
│   ├── tool.ts                (copyright fix)
│   ├── createSdkMcpServer.ts  (copyright fix)
│   └── serve-bridge/
│       ├── bin.ts             (NEW - CLI 入口)
│       ├── createServeBridgeMcpServer.ts (NEW - 工厂)
│       ├── types.ts           (NEW - 类型定义)
│       ├── sse.ts             (NEW - SSE 生命周期)
│       ├── helpers.ts         (NEW - 工具函数)
│       ├── index.ts           (NEW - barrel)
│       ├── README.md          (NEW - 文档)
│       └── tools/
│           ├── index.ts       (NEW - 聚合)
│           ├── infrastructure.ts (NEW)
│           ├── session.ts     (NEW)
│           ├── agent.ts       (NEW)
│           ├── workspaceRead.ts (NEW)
│           └── workspaceWrite.ts (NEW)
├── src/daemon/DaemonClient.ts (+fileStat/dirList/glob)
├── src/index.ts               (import path update)
├── src/query/Query.ts         (import path update)
├── package.json               (bin entry)
└── test/unit/serve-bridge.test.ts (NEW - 23 tests)

demo show

[github-actions]

📋 Review Summary

This PR adds an MCP Server bridge (qwen-serve-bridge) that exposes the qwen serve daemon HTTP API as 31 MCP tools, enabling any MCP-compatible client (Cursor, Claude Desktop, etc.) to interact with the qwen-code agent via stdio. The implementation includes comprehensive unit tests (23 tests), persistent SSE connection management for streaming agent responses, and a clean architectural separation via the daemon-mcp directory rename. Overall, this is a well-structured, production-ready feature with excellent test coverage.

🔍 General Feedback

• Strong architectural decisions: The rename from src/mcp → src/daemon-mcp clarifies the separation between the SDK's internal MCP server and the new daemon bridge layer
• Excellent test coverage: 23 unit tests cover server creation, tool registration, session management, error handling, and the critical SSE streaming flow for the prompt tool
• Clean code organization: Tool definitions are logically split by category (infrastructure, session, agent, workspace read/write) with consistent patterns
• Good documentation: The README provides clear setup instructions for three deployment scenarios (npx, global install, local path)
• Proper error handling: The handler wrapper consistently catches errors and returns them as isError MCP responses while logging to stderr

🎯 Specific Feedback

🟡 High

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/sse.ts:79-86 — The SSE event stream processing has a potential race condition. The collector.resolve() is called both when _meta arrives AND when the prompt response returns, but there's no guard against double-resolution. If the prompt endpoint returns before _meta is received, both code paths could fire. Add a resolved flag to PromptCollector and check before resolving:

  export interface PromptCollector {
    texts: string[];
    resolve: () => void;
    promise: Promise<void>;
    resolved: boolean;  // Add this
  }

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/tools/session.ts:38-45 — The session_create handler sets state.defaultSessionId but doesn't check if an existing default session should be closed first. This could leak SSE connections. Consider calling stopEventStream for the old default session before assigning a new one.

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/bin.ts:44-49 — The unhandledRejection handler writes to stderr but doesn't include the stack trace. For debugging production issues, include err instanceof Error ? err.stack : String(err) instead of just the message.

🟢 Medium

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/types.ts:66-72 — The BridgeState interface stores eventStreams: Map<string, SessionEventStream> but there's no cleanup mechanism for abandoned sessions. If a client creates a session but never closes it (e.g., crashes), the SSE connection and map entry persist indefinitely. Consider adding a TTL-based cleanup or a session_cleanup tool.

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/tools/workspaceWrite.ts:156-165 — The workspace_agents_manage handler has a large switch statement with duplicated error handling. Consider extracting each case into its own function for better testability and readability.

• packages/sdk-typescript/src/daemon/DaemonClient.ts:526-567 — The new fileStat, dirList, and glob methods follow the same pattern as existing methods. Consider adding these to a shared interface or using a helper to reduce duplication (e.g., a getEndpoint helper that builds the URL and handles the response).

🔵 Low

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/README.md:14-19 — The environment variable table mentions QWEN_DAEMON_TOKEN is optional for loopback, but the code doesn't have any special handling for loopback URLs. Either document that the token is always required, or add logic to skip auth for 127.0.0.1 / localhost URLs.

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/tools/agent.ts:28 — The prompt tool description says "Collects all agent output text from the SSE event stream" but doesn't mention the timeout behavior. Add documentation about what happens if the SSE stream never sends _meta (does it hang forever?).

• packages/sdk-typescript/src/daemon-mcp/serve-bridge/tools/index.ts — Consider exporting tool counts as constants (e.g., INFRASTRUCTURE_TOOL_COUNT = 2) for use in tests instead of magic numbers like expect(tools).toHaveLength(31).

• packages/sdk-typescript/package.json:22 — The new bin entry points to ./dist/daemon-mcp/serve-bridge/bin.js. Ensure the build process is verified to produce this file before publishing.

• packages/vscode-ide-companion/NOTICES.txt:200-205 — The notice for @qwen-code/sdk shows "License text not found." This should be fixed before release.

✅ Highlights

• Persistent SSE connection design: The architecture of maintaining a persistent SSE connection per session (created at session_create, torn down at session_close) is elegant and solves the race condition that would occur with per-request connections
• Comprehensive tool coverage: 31 tools covering the full daemon API surface — session lifecycle, agent interaction, workspace read/write operations — all with proper Zod schemas and descriptions
• Test quality: The test suite includes sophisticated mocking with recordingFetch, covers edge cases (double session close, missing SSE streams), and validates the exact tool count with duplicate detection
• Graceful shutdown: The bin entry properly handles SIGINT, SIGTERM, and stdin close events with clean server teardown
• Type safety: Strong typing throughout with BridgeState, PromptCollector, and SessionEventStream interfaces clearly documenting the shared state structure

[jifeng]

🔧 Review Feedback 已修复

针对 GitHub Actions Review Summary 的反馈，已在 commit 7aca5a52f 中完成修复：

🟡 High Priority（之前 commit 已修复）

反馈	状态	修复方式
sse.ts PromptCollector 双重 resolve 竞态	✅	resolved flag guard，防止重复调用
session.ts session_create 未关闭旧 SSE 连接	✅	新建 session 前先 stopEventStream 旧 default session
bin.ts unhandledRejection 缺少 stack trace	✅	使用 err.stack ?? err.message

🟢 Medium Priority（本次修复）

反馈	状态	修复方式
types.ts 无 TTL 清理机制，废弃 session SSE 泄漏	✅	新增 startSessionCleanup() —— 30 分钟空闲超时自动清理 SSE 连接，timer.unref() 不阻止进程退出
workspaceWrite.ts switch 语句过大	✅	拆分为 handleAgentGet/Create/Update/Delete 独立函数，提高可测试性

🔵 Low Priority（本次修复）

反馈	状态	修复方式
agent.ts prompt 工具描述未提及超时行为	✅	补充 "Times out after 30s if no response chunks are received"
README.md token 文档 "loopback 可省略" 与代码不符	✅	修正为 "daemon 启动时未设置 token 则无需传"

🔵 Low Priority（暂不处理）

反馈	原因
NOTICES.txt "License text not found"	属于 vscode-ide-companion 包的自动生成文件，需单独处理
工具数量导出为常量	偏好建议，当前 magic number 仅用于测试断言
package.json bin 构建验证	CI 已覆盖

[wenshao]

Additional findings not covered by inline comments:

[Critical] Lint errors (auto-fixable): workspaceWrite.ts has 7 arrow-body-style violations (lines 55, 92, 105, 118, 129, 142, 167) and 1 missing default case in switch (line 176). Run npm run lint:fix to resolve.

[Suggestion] Test coverage gaps: startEventStream SSE event processing loop (the core data path), stopEventStream side effects, and workspace_agents_manage 5-branch switch have zero test coverage. The current test file covers registration plumbing and core helpers well, but the SSE data path — the most novel and failure-prone part — lacks behavioral tests.

— qwen3.7-max via Qwen Code /review

[wenshao]

测试覆盖缺口（无法映射到具体 diff 行）：

1. SSE 生命周期模块零测试覆盖 — sse.ts 中的 startEventStream、stopEventStream、startSessionCleanup 是最复杂的状态管理函数（SSE for-await 循环、idle TTL 清理、collector resolve），但没有任何专项测试。
2. workspace_agents_manage 5 个 switch 分支 + 4 条验证路径全部未测试 — 这是分支最多的工具，handler 从未被调用。
3. 31 个工具中 27 个 handler 从未在测试中调用 — 测试仅验证注册数量和名称，不验证行为。
4. 确定性检查：tsc 报 serve-bridge.test.ts:432 缺少 lastActivityMs 属性（TS2741）；eslint 报 workspaceWrite.ts 中 7 处 arrow-body-style 违规和 1 处 default-case 缺失。

— qwen3.7-max via Qwen Code /review

[jifeng]

🔧 P0/P1/P2 Review Feedback 全部修复

感谢 @qwen-code-ci-bot 和 @wenshao 的详细评审！已分三个 commit 完成所有修复：

---

🔴 P0 — 52e5e285a

反馈	修复
sse.ts _meta 检查在错误层级（检查 content 应为 update），导致每次 prompt 强制等 30s	改为 '_meta' in update，SSE 事件正确 resolve collector
workspaceWrite.ts scope: 'global' 允许 MCP 客户端写全局配置（跨 workspace prompt injection）	默认禁止 global scope，需设置 QWEN_BRIDGE_ALLOW_GLOBAL_SCOPE=true 才可启用
serve-bridge.test.ts TS2741 缺少 lastActivityMs	补全 mock 对象字段

---

🟡 P1 — 8430045d7

反馈	修复
session_load/session_resume SSE 连接泄漏	切换 session 前先 stopEventStream 旧 default session
SSE catch {} 静默吞错 + finally 不 resolve collector	记录非 AbortError 日志 + finally 中 resolve activeCollector
并发 prompt 竞态（第二个覆盖第一个 collector）	若 stream.activeCollector 已存在则立即抛错

---

🟢 P2 — 80cdcbd99

反馈	修复
close() 不 abort 活跃 SSE 流	shutdown 时遍历 eventStreams 逐个 stopEventStream
file_write replace 模式空字符串作为 hash	前置校验：replace 必须传 expected_hash
Promise.race 中 setTimeout 泄漏	正常 resolve 后 clearTimeout(timeoutId!)
prompt_cancel 不 resolve collector（cancel 后仍等 30s）	cancel 后立即 stream?.activeCollector?.resolve()
session_create 先 stop 旧 SSE 再创建新 session（失败则两边都没流）	先确认新 session 成功，再 stop 旧 SSE
session_close 先 stop SSE 再 HTTP close（失败则不一致）	先 HTTP close，再 stop SSE
daemonFetch/authHeaders 死代码	删除函数及对应测试
超时后部分响应无法区分完整 vs 截断	返回 stop_reason: 'timeout' + warning 字段
bin.ts 注释路径是旧的 dist/mcp/...	修正为 dist/daemon-mcp/serve-bridge/bin.js
session_load/resume 缺少 workspaceCwd 回退	添加 ?? state.workspaceCwd
daemonUrl.replace(/\/+$/, '') ReDoS regex	替换为手写 stripTrailingSlashes 循环
Lint: 7 处 arrow-body-style + switch 缺 default case	全部修复

---

📝 剩余未处理项

反馈	说明
测试覆盖（SSE 数据路径、27 个 handler 行为测试）	认同需要补充，将在后续 PR 中增加
prompt() HTTP 调用无超时上限	需要 DaemonClient 层面支持 AbortSignal，后续跟进

tsc ✅ 通过，无类型错误。

[jifeng]

🔀 Merge Conflicts 已解决

ea80fe4e9 — 已与 daemon_mode_b_main 最新代码合并，PR 现在无冲突。

冲突处理策略：

• 20 个冲突文件中 19 个不在 serve-bridge 改动范围内（acp-bridge、cli/serve、daemon-ui、webui），直接采用 base branch 版本
• packages/sdk-typescript/src/daemon/index.ts 手动合并：保留 base branch 新增的 DaemonPermissionTranscriptBlock export type

tsc ✅ 通过。

[wenshao]

⚠️ Local Verification Report — PR #4555

Maintainer local verification on macOS in tmux. Tests / typecheck / MCP protocol all pass, but local exercise surfaced two issues that the reviewer should weigh before merge — one is a shipping defect (broken bin entry).

Environment

Item	Value
OS	macOS 26.4.1 (Darwin 25.4.0)
Node	v22.17.0
Package	@qwen-code/sdk@0.1.8
Tested commit	ea80fe4e9 (PR head)
Base	daemon_mode_b_main (40 commits ahead)
Runner	tmux session pr4555, vitest 1.6.1

Test Plan (PR body) results

Step	Result
npx vitest run test/unit/serve-bridge.test.ts	✅ 18 passed (PR body says 23 — see note below)
node dist/.../bin.js initialize → serverInfo	✅ {name: "qwen-serve-bridge", version: "1.0.0"}, protocolVersion: "2025-06-18" (via tsx — see Issue 1)
tools/list → 31 tools	✅ confirmed 31 unique tool names

Note on test count — PR body claims 23 tests; current serve-bridge.test.ts has 18 it() blocks. The descriptive table claim is stale (likely from before the persistent-SSE refactor). All 18 currently present tests pass.

Additional checks

Step	Result
Full packages/sdk-typescript test suite (npx vitest run)	✅ 15 files / 674 tests all pass (24.47s)
tsc --noEmit (typecheck)	✅ exit 0, no errors
eslint packages/sdk-typescript/src/daemon-mcp/serve-bridge ... (root eslint)	✅ exit 0, no findings
npm run build --workspace=packages/sdk-typescript	✅ exit 0, completes in 10.71s
31-tool registration assertion (should aggregate to exactly 31 tools)	✅ passes

Issue 1 — bin entry points to a file the build doesn't produce ⚠️

packages/sdk-typescript/package.json declares:

"bin": {
  "qwen-serve-mcp": "./dist/daemon-mcp/serve-bridge/bin.js"
}

…but the build pipeline does NOT emit this file:

$ ls packages/sdk-typescript/dist/daemon-mcp/serve-bridge/
bin.d.ts                                  ← only the type declaration
createServeBridgeMcpServer.d.ts
helpers.d.ts
index.d.ts
sse.d.ts
tools/
types.d.ts

$ node packages/sdk-typescript/dist/daemon-mcp/serve-bridge/bin.js
Error: Cannot find module '.../dist/daemon-mcp/serve-bridge/bin.js'

Root cause: tsconfig.build.json sets "emitDeclarationOnly": true, and scripts/build.js only esbuild-bundles src/index.ts and src/daemon/index.ts — the new bin.ts (and the rest of daemon-mcp/serve-bridge/*) gets no JS output. Diff vs base confirms PR 4555 added the bin entry + bin.ts source but did not extend the build to emit them.

Impact: after npm install (or npm publish), invoking the registered bin (npx qwen-serve-mcp or the path documented in the PR body / serve-bridge/README.md) fails immediately with "Cannot find module". The MCP server is effectively un-runnable from a published install.

Suggested fix: extend scripts/build.js with an esbuild entry for src/daemon-mcp/serve-bridge/bin.ts (output dist/daemon-mcp/serve-bridge/bin.js, with a #!/usr/bin/env node shebang and chmod +x), or remove emitDeclarationOnly for the daemon-mcp/serve-bridge/ subtree. Either way, please add a smoke test (e.g. node dist/daemon-mcp/serve-bridge/bin.js < /dev/null) so this regresses loudly next time.

Local protocol verification was done by running tsx src/daemon-mcp/serve-bridge/bin.ts directly. The runtime logic itself is correct — it's purely the build pipeline that's missing the entry.

Issue 2 — Prettier formatting drift in 5 PR files (non-blocking)

$ npx prettier --check packages/sdk-typescript/src/daemon-mcp/serve-bridge ...
[warn] src/daemon-mcp/serve-bridge/README.md
[warn] src/daemon-mcp/serve-bridge/tools/session.ts
[warn] src/daemon-mcp/serve-bridge/tools/workspaceRead.ts
[warn] src/daemon-mcp/serve-bridge/tools/workspaceWrite.ts
[warn] src/daemon-mcp/serve-bridge/types.ts

Differences are line-wrap nits (e.g., 80-char line-length wraps not applied). CI uses prettier --write (auto-fix) rather than --check, so it won't fail CI — but the files don't match the project's own .prettierrc (printWidth: 80). One npx prettier --write packages/sdk-typescript/src/daemon-mcp/serve-bridge resolves it.

Recommendation

Hold on merge until Issue 1 is addressed. Tests, types, and runtime behavior all check out, but shipping a bin entry that points to a non-existent file would mean every external consumer following serve-bridge/README.md hits a "Cannot find module" wall on first run. Issue 2 is purely cosmetic and can be fixed in the same follow-up.

Once bin.js is produced by build (and ideally a smoke-test gate added), this PR is good to land.

— wenshao

[wenshao]

🔬 Maintainer Verification Report

环境: macOS Darwin 25.4.0, Node.js v22.17.0
分支: feat/sdk-serve-bridge-pr @ de6e85dc
测试时间: 2026-05-27

---

✅ Build

检查项	结果
npm run build	✅ 编译成功 (10.4s)
dist/daemon-mcp/serve-bridge/bin.js 生成	✅
所有 serve-bridge 源文件有对应 .d.ts	✅

✅ Unit Tests

测试文件	结果
serve-bridge.test.ts	✅ 30/30 passed
createSdkMcpServer.test.ts (回归)	✅ 18/18 passed
全量 SDK 测试	✅ 685/686 passed

⚠️ 1 个失败 (approval-mode-drift.test.ts) 是 base 分支预存问题（SDK 新增了 auto mode 但 core 未同步），与本 PR 无关。

✅ E2E: MCP Protocol Handshake (stdio)

initialize → serverInfo: {name: "qwen-serve-bridge", version: "1.0.0"}
tools/list  → 31 tools registered ✓

✅ E2E: Session Lifecycle (qwen serve daemon)

通过 tmux 启动 qwen serve --port 4170，使用 MCP bridge 进行完整生命周期验证：

步骤	结果
health	✅ {"status":"ok"}
session_create	✅ 返回 UUID session_id
prompt "What is 2+2?"	✅ response: "4", stop_reason: "end_turn"
session_close	✅ {"ok":true}

✅ E2E: Workspace Tools

工具	结果
file_read package.json	✅ 正确返回文件内容
dir_list src/daemon-mcp/serve-bridge	✅ 列出所有文件
glob **/*.test.ts	✅ 匹配所有测试文件
file_stat package.json	✅ 返回 size/mtime 元数据

✅ E2E: Security Guards

攻击向量	防护结果
workspace_memory_write scope=global	✅ BLOCKED — "Global scope is disabled for security"
session_set_approval_mode mode=yolo	✅ BLOCKED — "restricted for security"
session_set_approval_mode mode=auto	✅ BLOCKED — "restricted for security"
workspace_tool_toggle	✅ BLOCKED — "restricted for security"

🐛 Minor Issues Found

1. Double shebang in bin.js: src/daemon-mcp/serve-bridge/bin.ts 第 1 行有 #!/usr/bin/env node，同时 scripts/build.js:138 的 esbuild banner 也添加了一行。导致 node dist/.../bin.js 直接运行报 SyntaxError。通过 chmod +x + shebang 执行可正常工作。建议: 去掉 bin.ts 中的 shebang 或去掉 build.js 中的 banner。

---

结论

本 PR 功能验证通过，可以 merge。

核心功能（MCP 协议握手、session 生命周期、workspace 工具、agent prompt/response）和安全防护（全局作用域限制、权限升级阻断）均按预期工作。唯一的 minor issue 是 double shebang 不影响生产使用（MCP 客户端通过 shebang 执行）。

[jifeng]

R10 Review Fix Summary (commit 2c92e7f07)

针对 @wenshao 最新评审的修复：

Suggestion 修复

问题	修复	文件
handleAgentUpdate 的 hasField 误含 scope（scope 是路由参数不是更新字段，只传 scope 会导致空 body POST）	从 hasField 检查中移除 scope，更新错误提示	workspaceWrite.ts
workspace_mcp_restart 缺 allowGlobalScope 守卫（重启 MCP server 可中断运行中的调用，与 workspace_tool_toggle 不一致）	加 allowGlobalScope 守卫	workspaceWrite.ts

延后处理

问题	原因
fileStat()/dirList()/glob() 返回 Promise<unknown> 缺少类型定义	属于 DaemonClient 范围，需定义新类型接口，改动较大，计划下个迭代处理

[wenshao]

Maintainer Verification Report

PR: #4555 — feat(sdk): add serve-bridge MCP server & rename mcp → daemon-mcp
Branch: feat/sdk-serve-bridge-pr → daemon_mode_b_main
Tested on: macOS Darwin 25.4.0

Build & Type Check

• npm run build — PASS (0 errors, 15 pre-existing lint warnings)
• npx tsc -p packages/sdk-typescript/tsconfig.json --noEmit — PASS (no type errors)
• Dist output verified: dist/daemon-mcp/serve-bridge/bin.js exists with shebang, bin entry in package.json correct

Unit Tests

Test Suite	Tests	Result
serve-bridge.test.ts	30 (all new)	PASS
All SDK test/unit/	686 across 15 files	PASS

New Test Coverage (30 tests)

• Server creation, trailing-slash stripping — PASS
• resolveSessionId (explicit, default, error) — PASS
• Error handler (pass-through, Error catch, non-Error catch) — PASS
• Tool registration: 31 unique tools (infra 2, session 8, agent 2, read 10, write 9) — PASS
• Prompt SSE collection, no-stream error, concurrent prompt guard — PASS
• prompt_cancel resolves collector with interrupted=true — PASS
• Security guards (9 tests): global scope rejection, yolo/auto/auto-edit mode guard, persist flag guard, read-only list allowed, file_write hash required, tool_toggle guard, agents_manage update validation — all PASS

Code Review Notes

Security:

• allowGlobalScope defaults false, opt-in via QWEN_BRIDGE_ALLOW_GLOBAL_SCOPE=true
• Dangerous modes (yolo/auto/auto-edit) + persist + tool_toggle + mcp_restart + global-scope writes all gated
• file_write replace requires expected_hash; no regex ReDoS (hand-rolled loop)

Robustness:

• Double-resolve guard on PromptCollector, concurrent prompt rejection
• SSE finally block resolves pending collector (no 30s hangs on disconnect)
• startEventStream guards stale entries, session TTL cleanup (30min, unref'd timer)
• session_close try/finally ensures SSE cleanup; stopEventStream marks interrupted

Refactor:

• src/mcp → src/daemon-mcp clean, no stale imports
• DaemonClient: fileStat/dirList/glob additions consistent with existing patterns

Verdict

Ready to merge. Comprehensive test coverage (30 new tests), proper security guards, robust SSE lifecycle, clean refactor. All 686 SDK tests pass, no regressions.

---

Verified by: wenshao

[doudouOUC]

整体架构清晰，SSE 持久连接 + PromptCollector 模式设计合理，allowGlobalScope 安全守卫覆盖到位，测试覆盖了关键路径（23 tests）。

以下 inline comments 按优先级分 High / Medium / Low 三档，共 8 条。

[jifeng]

R11 Review Fix Summary (commit 620b50307)

针对 @doudouOUC 评审（8 条，High/Medium/Low）的修复：

High 修复

问题	修复	文件
types.ts 同时 re-export 运行时函数，命名与内容不符，有循环依赖风险	移除所有运行时 re-export，tool 文件直接从 sse.js/helpers.js 导入，types.ts 仅保留类型定义	9 个文件
/error|fail/i 正则过于宽泛，可能误匹配或漏检	加注释说明 best-effort 匹配限制，待 daemon 定义正式 error 事件枚举后更新	sse.ts

Medium 修复

问题	修复	文件
prompt 描述 "Times out after 30s" 误导客户端设置过短 timeout	改为明确说明工具可阻塞数分钟，30s 仅为 post-response completion signal 收集超时	agent.ts
persist: true + default 模式的错误消息混淆	区分两种 case：dangerous mode restricted vs persisting changes restricted	workspaceWrite.ts
name 参数在 update 中被忽略但 schema 未标注	标注 (create only, required for create)	workspaceWrite.ts

Low 修复

问题	修复	文件
shutdown() catch 吞掉错误，调试无线索	改为 process.stderr.write 输出错误详情	bin.ts

无需修复

问题	原因
formatters.ts 新文件删减旧导出可能影响 createSdkMcpServer.ts	serve-bridge 的 formatters.ts 和 createSdkMcpServer.ts 引用的是不同路径的文件，不存在影响

延后处理

问题	原因
fileStat()/dirList()/glob() 返回 Promise<unknown>	属于 DaemonClient 范围，需定义新类型接口，计划下个迭代处理

验证

• tsc: 通过
• vitest: 30/30 测试全部通过

[doudouOUC]

二轮 review：补充并发安全、dead code、生命周期方面的额外发现（5 条）。

[wenshao]

[Suggestion] sse.ts:96-100 — 新增注释承认 /error|fail/i 可能产生 false positive（如 default_fallback），但下游 agent.ts 的 interrupted 分支返回 "SSE stream was closed before the response completed" 警告。在 false positive 触发时，SSE 流实际并未关闭，该警告具有误导性。建议将 warning 改为更准确的措辞，如 "Response collection was interrupted before the completion signal was received."，或在 PromptCollector 上增加 interruptReason 字段以区分 SSE 断连和 regex 误匹配。

— qwen3.7-max via Qwen Code /review

[wenshao]

Verification Report — PR #4555

Reviewer: wenshao
Branch: feat/sdk-serve-bridge-pr → daemon_mode_b_main
Environment: macOS Darwin 25.4.0, Node v22.17.0

---

1. Build & Type Check

Check	Result
npm install	✅ Pass
tsc --noEmit	✅ Pass (zero errors)
npm run build	✅ Pass (dist output generated)
bin.js generated	✅ dist/daemon-mcp/serve-bridge/bin.js exists

2. Unit Tests

Test File	Result
serve-bridge.test.ts	✅ 30/30 passed
createSdkMcpServer.test.ts	✅ 18/18 passed (regression check)
Full sdk-typescript suite	✅ 686/686 passed across 15 files

Zero regressions from the mcp → daemon-mcp rename or any other changes.

3. MCP Protocol Verification (stdio)

Tested initialize → tools/list flow via stdin/stdout JSON-RPC:

Check	Result
initialize response	✅ serverInfo: {name: "qwen-serve-bridge", version: "1.0.0"}
protocolVersion	✅ 2024-11-05
tools/list count	✅ 31 tools
Tool categories	health(1), capabilities(1), session(9), prompt(2), file(5), dir(1), glob(1), workspace(11)

4. Code Review Findings

🚨 P0 — Blocker

Issue

Details

Double shebang in dist/daemon-mcp/serve-bridge/bin.js

Source bin.ts has #!/usr/bin/env node on line 1, and scripts/build.js:138 adds another via esbuild banner: { js: '#!/usr/bin/env node' }. The built output has TWO shebangs. Node.js only strips the first — the second is parsed as JavaScript and causes SyntaxError: Invalid or unexpected token. The primary CLI entry point is non-functional as built. Fix: remove the shebang from src/daemon-mcp/serve-bridge/bin.ts (the esbuild banner is the authoritative one).

⚠️ P1 — Should Fix

Issue	Details
DaemonClient new methods return Promise<unknown>	fileStat(), dirList(), glob() all return Promise<unknown>, unlike every other method in the class which uses typed interfaces. This removes compile-time safety for consumers. Proper response types should be defined.
Inconsistent path descriptions in tool schemas	file_read says "relative to workspace root" but file_stat and dir_list just say "File path to stat" / "Directory path to list" — LLM consumers could attempt absolute paths.

💡 P2 — Nice to Have

Issue	Details
No client-side path sanitization	All file tools trust the daemon entirely for path validation. A lightweight reject-absolute-paths / reject-..-segments check at the SDK level would add defense-in-depth.
workspace_agents_manage overloads 5 CRUD actions into one flat zod schema	Required-for-create validation is done manually in the handler, not at the schema level. A discriminated union or per-action tools would catch invalid requests earlier.
SSE error event detection uses fragile /error|fail/i regex	Acknowledged in comments. Should be revisited when daemon publishes a formal error event enum.
file_write in create mode still forwards expected_hash	Semantically meaningless for creation; SDK should strip it or document the pass-through.
Missing clientId parameter on new DaemonClient methods	Existing readWorkspaceFile() accepts optional clientId but new methods omit it.

✅ Positive Observations

• SSE lifecycle management is well-structured with three cleanup paths (explicit stop, async loop finally, idle TTL sweep)
• Concurrent prompt guard is TOCTOU-safe in Node.js's single-threaded model
• allowGlobalScope defaults to false, properly gating dangerous write operations
• Token handling via env vars, never logged or exposed in error messages
• Signal handling covers SIGINT, SIGTERM, stdin close, and unhandled rejections
• stripTrailingSlashes explicitly avoids regex to dodge ReDoS concerns
• All imports correctly reference daemon-mcp path — no stale mcp/ references remain

5. Summary

The serve-bridge architecture is solid: clean factory pattern, well-separated concerns, comprehensive tool coverage (31 tools), and good SSE lifecycle management. All 686 tests pass with zero regressions.

However, the P0 double-shebang bug makes bin.js non-functional after npm run build. This must be fixed before merge — it's a one-line fix (remove the shebang from src/daemon-mcp/serve-bridge/bin.ts).

Recommendation: ⚠️ Request changes — fix P0 (double shebang), then approve.

---

Verified locally on 2026-05-27

[doudouOUC]

三轮 review：SSE 韧性、事件可见性、API 一致性方面的补充发现（3 条）。

[doudouOUC]

LGTM — 架构清晰，安全防护到位，SSE 生命周期管理完善。

几个非阻塞建议供参考：

1. workspace_agents_manage scope 校验：update/delete 操作在 scope 为 undefined 时会绕过 validateGlobalScope 检查。建议当 allowGlobalScope=false 时，对写操作强制 scope 必须为 'workspace'（或拒绝 undefined）。
2. state.daemonUrl / state.token 疑似冗余：所有 tool handler 已通过 state.client.* 调用，这两个字段无使用方。
3. DaemonClient 新方法返回 Promise<unknown>：fileStat/dirList/glob 建议定义具体返回类型。
4. SSE 错误检测 regex /error|fail/i：可能误判 "default_fallback" 等字符串，建议用精确 Set 匹配。
5. server.instance.server.onclose 覆盖：建议链式调用已有 handler 而非直接赋值。

🤖 Generated with Qoder

has been fixed