fix(hooks): quote args when probing Windows .cmd MCP servers via shell by phobicdotno · Pull Request #2343 · affaan-m/ECC

phobicdotno · 2026-06-23T15:02:31Z

Summary

Symptom: On Windows, any stdio MCP server whose args contain a space
(e.g. --codesys-path "C:\Program Files\...") is falsely reported as
unhealthy by the mcp-health-check PreToolUse hook, causing every MCP tool
call to that server to be blocked — even though the server itself is
perfectly healthy.
Root cause: In probeCommandServer, when the command falls back to a
.cmd candidate the probe sets useShell: true. It then calls
spawn(tryCommand, args, { shell: true }). With shell: true and a
separate args array, Node.js concatenates all tokens without quoting
(documented as DEP0190). cmd.exe then re-splits the concatenated line at
every space, so the path C:\Program Files\Some Server\server.exe arrives
at the child as C:\Program — the executable is not found, the process
exits immediately, the probe times out with exit code rather than the
expected "still running after timeout" signal, and the server is marked
unhealthy.
Fix: Added a quoteWin(token) helper that double-quotes any token
containing whitespace or cmd metacharacters. In the useShell branch, the
command and all args are now joined into a single pre-quoted command-line
string and passed as the first (and only) argument to spawn() with no
separate args array. The else branch (shell: false, all non-.cmd
commands) is unchanged. All existing timeout/kill logic (taskkill tree-kill),
ENOENT/EINVAL retry, stderr capture, and candidate-fallback behaviour are
preserved.
Regression test added: On Windows, the new test creates a .cmd shim
that echoes its first positional argument (%1) to stderr and then stays
alive, invokes the hook with --codesys-path "C:\Program Files\..." as an
arg, and asserts (a) the probe marks the server healthy and (b) stderr does
not contain the split fragment C:\Program alone — confirming the path
reached cmd.exe as a single quoted token.

Test plan

node tests/hooks/mcp-health-check.test.js — 24/24 pass (including
the new Windows test)
node tests/run-all.js — all failures are pre-existing (missing ajv
dep in test environment), none related to the changed files
Manually verified with a throwaway script that the old (unquoted)
cmdline splits at the space and the new (quoted) cmdline does not

On Windows, when a bare-name MCP server command (e.g. codesys-mcp-sp21-plus) falls back to the .cmd candidate, the probe sets shell:true to work around Node 18.20+ CVE-2024-27980. However, passing an args array alongside shell:true causes Node to concatenate the tokens without quoting (DEP0190), so an arg containing a space (e.g. --codesys-path "C:\Program Files\...") is re-split by cmd.exe at every space boundary. The child process receives a truncated path, fails to launch, and the probe declares the server unavailable, falsely blocking every MCP tool call to that server. Fix: add a quoteWin() helper that double-quotes any token containing whitespace or cmd metacharacters. In the useShell branch, build a single properly-quoted command line string and pass it as the sole argument to spawn() with no separate args array. The else branch (shell:false, all non-.cmd commands) is unchanged. Regression test added: on Windows, creates a .cmd shim that echoes its first positional argument to stderr, probes it with a space-containing path arg, and asserts the probe succeeds and the arg was not split at the space boundary.

coderabbitai · 2026-06-23T15:02:55Z

📝 Walkthrough

Summary by CodeRabbit

Bug Fixes
- Fixed MCP health check probe behavior on Windows when command arguments contain spaces, ensuring arguments are passed correctly to cmd.exe without unintended splitting.

Walkthrough

quoteWin(token) helper is added to mcp-health-check.js to escape tokens for cmd.exe. The useShell spawn branch is restructured: when true, it builds a single quoted command-line string and spawns without an args array; when false, it spawns normally with the args array. A Windows-only test validates that space-containing arguments are not re-split by cmd.exe.

Changes

Windows cmd.exe Space-in-Arg Quoting Fix

Layer / File(s)	Summary
`quoteWin` helper and shell-mode spawn restructure `scripts/hooks/mcp-health-check.js`	Adds `quoteWin(token)` to wrap/escape cmd.exe tokens. Rewrites the `useShell` spawn branch: when `true`, quotes each token and joins into a single command-line string passed to `spawn` with `shell: true` and no args array; when `false`, uses the original `spawn(command, args, { shell: false })` form.
Windows spaced-argument probe test `tests/hooks/mcp-health-check.test.js`	Adds a `win32`-only test that creates a `.cmd` shim echoing its first arg to `stderr`, runs the probe with a `C:\Program Files\...` path argument, and asserts the server is marked `healthy` and `stderr` does not contain the split token `ARG1=[C:\\Program]`.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🪟 cmd.exe once tore paths apart,
splitting Program Files to break your heart.
Now quoteWin wraps each token tight,
one string, one spawn — the args survive the night.
No more split paths, no more dread. 🎯

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly describes the core fix: quoting arguments when probing Windows .cmd servers via shell, which matches the main changeset.
Description check	✅ Passed	The description clearly explains the symptom, root cause, and fix, directly relating to the changeset modifications in both files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands.}

greptile-apps · 2026-06-23T15:08:41Z

Greptile Summary

This PR fixes a Windows-specific bug where MCP servers whose args contain spaces (e.g. paths under C:\Program Files) were falsely reported as unhealthy. When a bare command name fell back to its .cmd candidate, spawn was called with shell:true and a separate args array; Node.js concatenated the tokens without quoting (DEP0190), causing cmd.exe to re-split paths at every space.

Fix (scripts/hooks/mcp-health-check.js): adds a quoteWin helper that double-quote-wraps tokens containing whitespace or cmd metacharacters and joins command + args into a single pre-quoted string passed as the sole argument to spawn, bypassing the DEP0190 concatenation path.
Test (tests/hooks/mcp-health-check.test.js): adds a Windows-only regression test using a .cmd shim, but the key stderr assertion captures %1 (always --codesys-path) instead of %2 (the spaced path), making it trivially true whether or not the fix is applied.

Confidence Score: 3/5

The production fix is sound but the regression test does not actually exercise the quoting behavior it was written to verify.

The production fix is correct and well-scoped. However the new test's stderr assertion is trivially satisfied even without the fix — %1 always receives --codesys-path, never the spaced path — so no automated guard exists against future regressions in the quoting logic.

tests/hooks/mcp-health-check.test.js needs the .cmd echo changed from %1 to %2 and the assertion updated to check the positive case before it provides meaningful regression protection.

Important Files Changed

Filename	Overview
scripts/hooks/mcp-health-check.js	Adds `quoteWin` helper and splits the `spawn` call into a shell-quoted path for `.cmd`/`.bat` candidates vs. the existing direct spawn; fix is correct for the common case with a minor `%VAR%` expansion edge-case noted.
tests/hooks/mcp-health-check.test.js	New Windows regression test captures `%1` (always `--codesys-path`) instead of `%2` (the spaced path), making the key stderr assertion trivially true; the test would pass with the old, broken spawn call and does not verify the quoting fix.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[probeCommandServer called] --> B{platform === win32\nAND candidate ends .cmd/.bat\nAND no UNSAFE_SHELL_CHARS}
    B -- useShell = true --> C["Build quotedCmdline:\n[tryCommand, ...args].map(quoteWin).join(' ')"]
    C --> D["spawn(quotedCmdline, { shell: true })\ncmd.exe /d /s /c quotedCmdline"]
    B -- useShell = false --> E["spawn(tryCommand, args, { shell: false })"]
    D --> F{Child process exits\nbefore timeout?}
    E --> F
    F -- exits early --> G{ENOENT / EINVAL\nand not last candidate?}
    G -- yes --> H[retryNext: next candidate]
    G -- no --> I[finish: unhealthy]
    F -- still alive at timeout --> J[kill child / finish: healthy]

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[probeCommandServer called] --> B{platform === win32\nAND candidate ends .cmd/.bat\nAND no UNSAFE_SHELL_CHARS}
    B -- useShell = true --> C["Build quotedCmdline:\n[tryCommand, ...args].map(quoteWin).join(' ')"]
    C --> D["spawn(quotedCmdline, { shell: true })\ncmd.exe /d /s /c quotedCmdline"]
    B -- useShell = false --> E["spawn(tryCommand, args, { shell: false })"]
    D --> F{Child process exits\nbefore timeout?}
    E --> F
    F -- exits early --> G{ENOENT / EINVAL\nand not last candidate?}
    G -- yes --> H[retryNext: next candidate]
    G -- no --> I[finish: unhealthy]
    F -- still alive at timeout --> J[kill child / finish: healthy]

_{Reviews (1): Last reviewed commit: "fix(hooks): quote args when probing Wind..." | Re-trigger Greptile}

greptile-apps · 2026-06-23T15:08:45Z

+      fs.writeFileSync(
+        cmdPath,
+        ['@echo off', 'echo ARG1=[%1] 1>&2', 'node -e "setInterval(()=>{},1000)"', ''].join('\r\n')
+      );


The regression assertion is vacuous: %1 in cmd.exe is the first positional arg (--codesys-path), never the spaced path. spacedPath lands in %2. So stderr always contains ARG1=[--codesys-path], and !stderr.includes('ARG1=[C:\\Program]') is trivially true regardless of whether the quoting fix is applied. The test would pass with the old, broken spawn(tryCommand, args, {shell:true}) call. Switching to %2 and asserting its value actually exercises the fix.

Suggested change

fs.writeFileSync(

cmdPath,

['@echo off', 'echo ARG1=[%1] 1>&2', 'node -e "setInterval(()=>{},1000)"', ''].join('\r\n')

);

fs.writeFileSync(

cmdPath,

['@echo off', 'echo ARG2=[%2] 1>&2', 'node -e "setInterval(()=>{},1000)"', ''].join('\r\n')

);

greptile-apps · 2026-06-23T15:08:46Z

+        // The .cmd echo writes its first positional (%1). If the path was split
+        // at the space, %1 would be "C:\Program" (no quotes, no "Files" part).
+        // If properly quoted, %1 is the full quoted path.
+        assert.ok(
+          !result.stderr.includes('ARG1=[C:\\Program]'),
+          `Space-containing arg was split by cmd.exe (DEP0190 bug still present). stderr: ${result.stderr}`
+        );


Once the .cmd script is corrected to echo %2, this assertion should pivot to checking the positive case (the full path was received) instead of only the negative (the split fragment was absent). With the old code %2 would be C:\Program (split at the space); with the fix %2 is the full quoted path. Checking for the expected prefix both catches the regression and validates correct receipt.

Suggested change

// The .cmd echo writes its first positional (%1). If the path was split

// at the space, %1 would be "C:\Program" (no quotes, no "Files" part).

// If properly quoted, %1 is the full quoted path.

assert.ok(

!result.stderr.includes('ARG1=[C:\\Program]'),

`Space-containing arg was split by cmd.exe (DEP0190 bug still present). stderr: ${result.stderr}`

);

// The .cmd echo writes its second positional (%2). With the old broken

// code (no quoting) cmd.exe splits "C:\Program Files\..." at the space,

// so %2 is just "C:\Program". With the fix the full quoted token is

// preserved, so %2 is the entire path including "Files".

assert.ok(

result.stderr.includes('ARG2=[C:\\Program Files'),

`Space-containing arg was split by cmd.exe (DEP0190 bug still present). stderr: ${result.stderr}`

);

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

greptile-apps · 2026-06-23T15:08:47Z

+    function quoteWin(token) {
+      // If the token has no characters that need quoting, return it as-is.
+      if (!/[\s"&|<>^%!();]/.test(token)) {
+        return token;
+      }
+      // Escape embedded double quotes by doubling them, then wrap in double
+      // quotes. cmd.exe uses "" as an escaped quote inside a quoted string.
+      return '"' + token.replace(/"/g, '""') + '"';
+    }


quoteWin escapes embedded double-quotes but does not suppress cmd.exe's %VAR% expansion. Inside a double-quoted string, cmd.exe still expands environment-variable references — so an arg like C:\Users\%USERNAME%\scripts\server.exe would have %USERNAME% replaced at spawn time. For typical MCP path args this is benign, but an arg that deliberately contains a literal % (e.g., a URL-encoded segment %20) would be expanded if it happens to match an env-var name. If unintended expansion is a concern, % characters would need to be escaped to %% before wrapping.

coderabbitai

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/hooks/mcp-health-check.js`:
- Around line 346-353: The quoteWin function does not handle empty tokens
correctly—when an empty string is passed, the regex test fails to match and the
empty string is returned as-is. This causes empty arguments to be lost when the
quoted command line is built via .map(quoteWin).join(' ') at line 398, because
cmd.exe collapses multiple consecutive spaces into a single separator. Add a
check in quoteWin to detect empty strings and explicitly return them wrapped in
double quotes (as "") instead of returning them unquoted.

In `@tests/hooks/mcp-health-check.test.js`:
- Around line 1152-1185: The test is currently checking the wrong argument
position. The configuration has two args: the flag `--codesys-path` at position
1 and the actual spaced path at position 2, but the assertion checks for ARG1
which corresponds to the flag, not the spaced path value. Modify the mock cmd
script execution to echo the second argument using %~2 instead of %1, then
update the assertion to verify that the full spaced path is present in the
stderr output, confirming the path argument was properly quoted and not split by
cmd.exe.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 08397d87-9ced-4e48-8b16-034e267110cb

📥 Commits

Reviewing files that changed from the base of the PR and between 71d22d0 and 8cf2c9c.

📒 Files selected for processing (2)

scripts/hooks/mcp-health-check.js
tests/hooks/mcp-health-check.test.js

📜 Review details

⏰ Context from checks skipped due to timeout. (1)

GitHub Check: Greptile Review

🧰 Additional context used

📓 Path-based instructions (19)

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}

📄 CodeRabbit inference engine (.cursor/rules/common-coding-style.md)

**/*.{js,ts,jsx,tsx,py,java,cs,go,rb,php,scala,kt}: Always create new objects, never mutate existing ones. Use immutable patterns to prevent hidden side effects and enable safe concurrency
Organize code into many small files (200-400 lines typical, 800 lines max) organized by feature/domain rather than by type
Always handle errors explicitly at every level and never silently swallow errors
Always validate all user input before processing at system boundaries
Use schema-based validation where available
Fail fast with clear error messages when validation fails
Never trust external data (API responses, user input, file content)
Ensure code is readable and well-named
Keep functions small (less than 50 lines)
Keep files focused (less than 800 lines)
Avoid deep nesting (more than 4 levels)
Do not use hardcoded values; use constants or configuration instead

Files:

tests/hooks/mcp-health-check.test.js
scripts/hooks/mcp-health-check.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

No hardcoded secrets (API keys, passwords, tokens) - validate before any commit

Files:

tests/hooks/mcp-health-check.test.js
scripts/hooks/mcp-health-check.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php}: All user inputs must be validated
Enable CSRF protection on all state-changing endpoints
Verify authentication and authorization for all protected endpoints
Implement rate limiting on all endpoints to prevent abuse
Ensure error messages do not leak sensitive data in responses

Files:

tests/hooks/mcp-health-check.test.js
scripts/hooks/mcp-health-check.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,sql}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Use parameterized queries to prevent SQL injection

Files:

tests/hooks/mcp-health-check.test.js
scripts/hooks/mcp-health-check.js

**/*.{js,ts,jsx,tsx,html,php,java,cs,rb,go}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

Implement XSS prevention by sanitizing HTML output

Files:

tests/hooks/mcp-health-check.test.js
scripts/hooks/mcp-health-check.js

**/*.{js,ts,jsx,tsx,py,java,cs,rb,go,php,swift,kt,rs,c,cpp,h,hpp,properties,yml,yaml,json,env,config}

📄 CodeRabbit inference engine (.cursor/rules/common-security.md)

NEVER hardcode secrets in source code - ALWAYS use environment variables or a secret manager

Files:

tests/hooks/mcp-health-check.test.js
scripts/hooks/mcp-health-check.js

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript-coding-style.md)

**/*.{ts,tsx,js,jsx}: Use spread operator for immutable updates in TypeScript/JavaScript instead of direct mutation
Use async/await with try-catch for error handling in TypeScript/JavaScript
Use Zod for schema-based input validation in TypeScript/JavaScript
No console.log statements in production code; use proper logging libraries instead

**/*.{ts,tsx,js,jsx}: Auto-format JavaScript/TypeScript files using Prettier after edit
Warn about console.log statements in edited files
Check all modified files for console.log statements before session ends

**/*.{ts,tsx,js,jsx}: Use the ApiResponse interface pattern with generic type parameter: interface ApiResponse<T> { success: boolean; data?: T; error?: string; meta?: { total: number; page: number; limit: number; } }
Implement custom React hooks following the pattern: export a named function with use prefix, generic type parameters, and proper useEffect cleanup for side effects

**/*.{ts,tsx,js,jsx}: Never hardcode secrets; always use environment variables for sensitive credentials like API keys
Throw an error when required environment variables are not configured to fail fast and ensure security prerequisites are met

Use Playwright as the E2E testing framework for critical user flows in TypeScript/JavaScript

Files:

tests/hooks/mcp-health-check.test.js
scripts/hooks/mcp-health-check.js

**/*.{test,spec}.{js,ts,jsx,tsx}