fix(doctor): Improve representativeness and non-redacted opt-in#238
Merged
cameroncooke merged 4 commits intomainfrom Feb 23, 2026
Merged
fix(doctor): Improve representativeness and non-redacted opt-in#238cameroncooke merged 4 commits intomainfrom
cameroncooke merged 4 commits intomainfrom
Conversation
Align doctor output with current manifest and workflow architecture by removing legacy plugin reporting and replacing it with manifest-backed tool inventory summaries. Add default PII/path redaction to doctor output and introduce explicit opt-in non-redacted mode for both MCP doctor and the doctor CLI via nonRedacted/--non-redacted. Make dependency probing safer and more accurate by avoiding side effects in xcodemake checks and adding capability-level checks used by current tooling paths. Update generated tool docs and troubleshooting/bridge docs to reflect the new doctor behavior and options. Co-Authored-By: Claude <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
commit: |
Replace the extension-boundary regex with an explicit trailing-character check so CodeQL does not interpret the sequence as a backspace escape. Behavior is unchanged: project names are still redacted when they appear before known Xcode file extensions. Co-Authored-By: Claude <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Include xcodeToolsBridge in the doctorInfo payload before rendering so bridgePath, lastError, and unavailable reasons pass through the same sanitizeValue redaction path as the rest of the doctor report. This closes a gap where bridge diagnostics were interpolated directly into output and could bypass default redaction. Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
Treat as a valid delimiter when redacting project-name path components so PATH entries like /Users/me/SecretProject:/usr/bin do not leak the project directory name in default redacted doctor output. This preserves existing behavior for nested paths while covering the PATH root-component case reported in review. Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improve doctor output so it reflects current XcodeBuildMCP architecture and is safer to share by default.
This replaces legacy plugin-focused reporting with manifest-backed tool inventory/workflow information, adds default redaction for sensitive values and project-identifying paths, and introduces explicit opt-in non-redacted output for users who need full diagnostics (
nonRedactedfor MCP doctor and--non-redactedfor the CLI doctor).I also aligned dependency checks with current behavior by avoiding side-effecting xcodemake checks during diagnostics, added capability-level checks used by active workflows, and updated generated tool docs plus troubleshooting/bridge docs to match the new doctor behavior.
Included in this PR is the investigation report that documents the representativeness gaps, root causes, and rationale for these changes.