XcodeBuildMCP is an MCP server exposing Xcode / Swift workflows as tools and resources. Stack: TypeScript · Node.js · plugin-based auto-discovery (src/mcp/tools, src/mcp/resources).

For full details see README.md and docs/ARCHITECTURE.md.

• No hard-coded secrets, tokens or DSNs.
• All shell commands must flow through CommandExecutor with validated arguments (no direct child_process calls).
• Paths must be sanitised via helpers in src/utils/validation.ts.
• Sentry breadcrumbs / logs must NOT include user PII.

Positive pattern skeleton:

// src/mcp/tools/foo-bar.ts
export async function fooBarLogic(
  params: FooBarParams,
  exec: CommandExecutor = getDefaultCommandExecutor(),
  fs: FileSystemExecutor = getDefaultFileSystemExecutor(),
) {
  // ...
}

export const handler = (p: FooBarParams) => fooBarLogic(p);

• Ban on Vitest mocking (vi.mock, vi.fn, vi.spyOn, .mock*) ⇒ critical. Use createMockExecutor / createMockFileSystemExecutor.
• Each tool must have tests covering happy-path and at least one failure path.
• Avoid the any type unless justified with an inline comment.

• docs/TOOLS.md must exactly mirror the structure of src/mcp/tools/** (exclude __tests__ and *-shared). Diff heuristic: if a PR adds/removes a tool but does not change docs/TOOLS.md ⇒ warning.
• Update public docs when CLI parameters or tool names change.

1. Mocking violations: search *.test.ts for vi. → critical.
2. DI compliance: search for direct child_process / fs imports outside executors.
3. Docs accuracy: compare docs/TOOLS.md against src/mcp/tools/**.
4. Style: ensure ESLint and Prettier pass (npm run lint, npm run format:check).

Happy reviewing 🚀