@j0hanz/filesystem-context-mcp 1.0.8 → 1.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/security/filesystem-boundary.test.d.ts +2 -0
- package/dist/__tests__/security/filesystem-boundary.test.d.ts.map +1 -0
- package/dist/__tests__/security/filesystem-boundary.test.js +51 -0
- package/dist/__tests__/security/filesystem-boundary.test.js.map +1 -0
- package/package.json +28 -16
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem-boundary.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/filesystem-boundary.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import * as fs from 'node:fs/promises';
|
|
2
|
+
import * as path from 'node:path';
|
|
3
|
+
import { fileURLToPath } from 'node:url';
|
|
4
|
+
import fg from 'fast-glob';
|
|
5
|
+
import { describe, expect, it } from 'vitest';
|
|
6
|
+
function getRepoRoot() {
|
|
7
|
+
const currentDir = path.dirname(fileURLToPath(import.meta.url));
|
|
8
|
+
// src/__tests__/security -> repo root
|
|
9
|
+
return path.resolve(currentDir, '../../../../');
|
|
10
|
+
}
|
|
11
|
+
function hasFsImport(source) {
|
|
12
|
+
return (/from\s+['"]node:fs\/promises['"]/u.test(source) ||
|
|
13
|
+
/from\s+['"]node:fs['"]/u.test(source));
|
|
14
|
+
}
|
|
15
|
+
describe('security boundary: filesystem access', () => {
|
|
16
|
+
it('keeps direct node:fs imports inside boundary modules', async () => {
|
|
17
|
+
const repoRoot = getRepoRoot();
|
|
18
|
+
const sourceFiles = await fg(['src/**/*.ts'], {
|
|
19
|
+
cwd: repoRoot,
|
|
20
|
+
ignore: ['src/__tests__/**'],
|
|
21
|
+
onlyFiles: true,
|
|
22
|
+
dot: false,
|
|
23
|
+
});
|
|
24
|
+
// These files are allowed to import node:fs*/ because they either:
|
|
25
|
+
// - implement the security boundary itself
|
|
26
|
+
// - centralize filesystem operations
|
|
27
|
+
// - bootstrap the server before allowed directories exist
|
|
28
|
+
const allowedFsImportFiles = new Set([
|
|
29
|
+
'src/server.ts',
|
|
30
|
+
'src/lib/path-validation.ts',
|
|
31
|
+
'src/lib/file-operations.ts',
|
|
32
|
+
'src/lib/fs-helpers.ts',
|
|
33
|
+
'src/lib/search-helpers.ts',
|
|
34
|
+
]);
|
|
35
|
+
const offenders = [];
|
|
36
|
+
for (const relPath of sourceFiles) {
|
|
37
|
+
const absPath = path.join(repoRoot, relPath);
|
|
38
|
+
const content = await fs.readFile(absPath, 'utf-8');
|
|
39
|
+
if (!hasFsImport(content)) {
|
|
40
|
+
continue;
|
|
41
|
+
}
|
|
42
|
+
if (!allowedFsImportFiles.has(relPath.replace(/\\/gu, '/'))) {
|
|
43
|
+
offenders.push(relPath);
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
expect(offenders, `Unexpected node:fs imports detected outside boundary modules. ` +
|
|
47
|
+
`To keep "validate-before-access" auditable, route filesystem access through ` +
|
|
48
|
+
`src/lib/file-operations.ts and src/lib/fs-helpers.ts (and validate paths in src/lib/path-validation.ts).`).toEqual([]);
|
|
49
|
+
});
|
|
50
|
+
});
|
|
51
|
+
//# sourceMappingURL=filesystem-boundary.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem-boundary.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/filesystem-boundary.test.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,MAAM,WAAW,CAAC;AAC3B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,SAAS,WAAW;IAClB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,sCAAsC;IACtC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,CACL,mCAAmC,CAAC,IAAI,CAAC,MAAM,CAAC;QAChD,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,CACvC,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,sCAAsC,EAAE,GAAG,EAAE;IACpD,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAE/B,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,CAAC,aAAa,CAAC,EAAE;YAC5C,GAAG,EAAE,QAAQ;YACb,MAAM,EAAE,CAAC,kBAAkB,CAAC;YAC5B,SAAS,EAAE,IAAI;YACf,GAAG,EAAE,KAAK;SACX,CAAC,CAAC;QAEH,mEAAmE;QACnE,2CAA2C;QAC3C,qCAAqC;QACrC,0DAA0D;QAC1D,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAS;YAC3C,eAAe;YACf,4BAA4B;YAC5B,4BAA4B;YAC5B,uBAAuB;YACvB,2BAA2B;SAC5B,CAAC,CAAC;QAEH,MAAM,SAAS,GAAa,EAAE,CAAC;QAE/B,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAEpD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,SAAS;YACX,CAAC;YAED,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC5D,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,MAAM,CACJ,SAAS,EACT,gEAAgE;YAC9D,8EAA8E;YAC9E,0GAA0G,CAC7G,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,20 +1,24 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j0hanz/filesystem-context-mcp",
|
|
3
|
-
"version": "1.0.
|
|
4
|
-
"
|
|
3
|
+
"version": "1.0.9",
|
|
4
|
+
"mcpName": "io.github.j0hanz/filesystem-context",
|
|
5
|
+
"description": "🔍 Read-only MCP server for secure filesystem exploration, searching, and analysis",
|
|
5
6
|
"type": "module",
|
|
6
7
|
"main": "dist/index.js",
|
|
8
|
+
"types": "dist/index.d.ts",
|
|
9
|
+
"exports": {
|
|
10
|
+
".": "./dist/index.js"
|
|
11
|
+
},
|
|
12
|
+
"sideEffects": false,
|
|
7
13
|
"bin": {
|
|
8
14
|
"filesystem-context-mcp": "dist/index.js"
|
|
9
15
|
},
|
|
10
16
|
"files": [
|
|
11
|
-
"dist"
|
|
17
|
+
"dist",
|
|
18
|
+
"README.md"
|
|
12
19
|
],
|
|
13
|
-
"repository": {
|
|
14
|
-
"type": "git",
|
|
15
|
-
"url": "git+https://github.com/j0hanz/filesystem-context-mcp-server.git"
|
|
16
|
-
},
|
|
17
20
|
"scripts": {
|
|
21
|
+
"clean": "node -e \"require('fs').rmSync('dist', {recursive: true, force: true})\"",
|
|
18
22
|
"build": "tsc && npm run copy:assets",
|
|
19
23
|
"copy:assets": "node -e \"require('fs').copyFileSync('src/instructions.md', 'dist/instructions.md')\"",
|
|
20
24
|
"dev": "tsx watch src/index.ts",
|
|
@@ -25,34 +29,42 @@
|
|
|
25
29
|
"lint": "eslint .",
|
|
26
30
|
"format": "prettier --write .",
|
|
27
31
|
"type-check": "tsc --noEmit",
|
|
28
|
-
"inspector": "npx @modelcontextprotocol/inspector"
|
|
32
|
+
"inspector": "npx @modelcontextprotocol/inspector",
|
|
33
|
+
"prepublishOnly": "npm run lint && npm run type-check && npm run build"
|
|
29
34
|
},
|
|
30
35
|
"keywords": [
|
|
31
36
|
"mcp",
|
|
32
37
|
"model-context-protocol",
|
|
33
38
|
"filesystem",
|
|
34
|
-
"scanner"
|
|
39
|
+
"scanner",
|
|
40
|
+
"search",
|
|
41
|
+
"analysis"
|
|
35
42
|
],
|
|
36
|
-
"author": "",
|
|
43
|
+
"author": "j0hanz",
|
|
37
44
|
"license": "MIT",
|
|
45
|
+
"repository": {
|
|
46
|
+
"type": "git",
|
|
47
|
+
"url": "https://github.com/j0hanz/filesystem-context-mcp-server.git"
|
|
48
|
+
},
|
|
49
|
+
"homepage": "https://github.com/j0hanz/filesystem-context-mcp-server#readme",
|
|
38
50
|
"dependencies": {
|
|
39
|
-
"@modelcontextprotocol/sdk": "^1.
|
|
51
|
+
"@modelcontextprotocol/sdk": "^1.24.3",
|
|
40
52
|
"fast-glob": "^3.3.3",
|
|
41
53
|
"minimatch": "^10.1.1",
|
|
42
54
|
"safe-regex2": "^5.0.0",
|
|
43
55
|
"zod": "^3.24.0"
|
|
44
56
|
},
|
|
45
57
|
"devDependencies": {
|
|
46
|
-
"@eslint/js": "^9.
|
|
58
|
+
"@eslint/js": "^9.39.1",
|
|
47
59
|
"@trivago/prettier-plugin-sort-imports": "^6.0.0",
|
|
48
60
|
"@types/node": "^22.10.0",
|
|
49
61
|
"@vitest/coverage-v8": "^4.0.15",
|
|
50
62
|
"eslint": "^9.23.0",
|
|
51
|
-
"eslint-config-prettier": "^10.1.
|
|
63
|
+
"eslint-config-prettier": "^10.1.8",
|
|
52
64
|
"eslint-plugin-unused-imports": "^4.3.0",
|
|
53
|
-
"prettier": "^3",
|
|
54
|
-
"tsx": "^4.
|
|
55
|
-
"typescript": "^5.
|
|
65
|
+
"prettier": "^3.7.4",
|
|
66
|
+
"tsx": "^4.21.0",
|
|
67
|
+
"typescript": "^5.9.3",
|
|
56
68
|
"typescript-eslint": "^8.49.0",
|
|
57
69
|
"vitest": "^4.0.15"
|
|
58
70
|
},
|