XcodeBuildMCP is an MCP server exposing Xcode / Swift workflows as tools and resources. Stack: TypeScript · Node.js · plugin-based auto-discovery (src/mcp/tools, src/mcp/resources).

For full details see README.md and docs/ARCHITECTURE.md.

• No hard-coded secrets, tokens or DSNs.
• All shell commands must flow through CommandExecutor with validated arguments (no direct child_process calls).
• Paths must be sanitised via helpers in src/utils/validation.ts.
• Sentry breadcrumbs / logs must NOT include user PII.

Positive pattern skeleton:

// src/mcp/tools/foo-bar.ts
export async function fooBarLogic(
  params: FooBarParams,
  exec: CommandExecutor = getDefaultCommandExecutor(),
  fs: FileSystemExecutor = getDefaultFileSystemExecutor(),
) {
  // ...
}

export const handler = (p: FooBarParams) => fooBarLogic(p);

• External-boundary rule: Use createMockExecutor / createMockFileSystemExecutor for command execution and filesystem side effects.
• Internal mocking is allowed: vi.mock, vi.fn, vi.spyOn, and .mock* are acceptable for internal modules/collaborators.
• Each tool must have tests covering happy-path and at least one failure path.
• Avoid the any type unless justified with an inline comment.

• docs/TOOLS.md must exactly mirror the structure of src/mcp/tools/** (exclude __tests__ and *-shared). Diff heuristic: if a PR adds/removes a tool but does not change docs/TOOLS.md ⇒ warning.
• Update public docs when CLI parameters or tool names change.

1. External-boundary violations: confirm tests use injected executors/filesystem for external side effects.
2. DI compliance: search for direct child_process / fs imports outside approved patterns.
3. Docs accuracy: compare docs/TOOLS.md against src/mcp/tools/**.
4. Style: ensure ESLint and Prettier pass (npm run lint, npm run format:check).

Happy reviewing 🚀