@j0hanz/filesystem-context-mcp 1.1.0 → 1.2.0

package/dist/lib/path-validation/allowed-directories.js

@@ -0,0 +1,94 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { normalizePath } from '../path-utils.js';
+const PATH_SEPARATOR = process.platform === 'win32' ? '\\' : '/';
+let allowedDirectories = [];
+export const RESERVED_DEVICE_NAMES = new Set([
+    'CON',
+    'PRN',
+    'AUX',
+    'NUL',
+    'COM1',
+    'COM2',
+    'COM3',
+    'COM4',
+    'COM5',
+    'COM6',
+    'COM7',
+    'COM8',
+    'COM9',
+    'LPT1',
+    'LPT2',
+    'LPT3',
+    'LPT4',
+    'LPT5',
+    'LPT6',
+    'LPT7',
+    'LPT8',
+    'LPT9',
+]);
+export function normalizeForComparison(p) {
+    return process.platform === 'win32' ? p.toLowerCase() : p;
+}
+function stripTrailingSeparator(normalized) {
+    return normalized.endsWith(PATH_SEPARATOR)
+        ? normalized.slice(0, -1)
+        : normalized;
+}
+export function normalizeAllowedDirectory(dir) {
+    const normalized = normalizePath(dir);
+    if (normalized.length === 0)
+        return '';
+    const { root } = path.parse(normalized);
+    const isRoot = normalizeForComparison(root) === normalizeForComparison(normalized);
+    if (isRoot)
+        return root;
+    return stripTrailingSeparator(normalized);
+}
+export function setAllowedDirectories(dirs) {
+    const normalized = dirs
+        .map(normalizeAllowedDirectory)
+        .filter((d) => d.length > 0);
+    allowedDirectories = [...new Set(normalized)];
+}
+export function getAllowedDirectories() {
+    return [...allowedDirectories];
+}
+export function isPathWithinAllowedDirectories(normalizedPath) {
+    const candidate = normalizeForComparison(normalizedPath);
+    return allowedDirectories.some((allowedDir) => {
+        const allowed = normalizeForComparison(allowedDir);
+        const root = normalizeForComparison(path.parse(allowedDir).root);
+        if (allowed === root) {
+            return candidate.startsWith(allowed);
+        }
+        return (candidate === allowed || candidate.startsWith(allowed + PATH_SEPARATOR));
+    });
+}
+export async function expandAllowedDirectories(dirs) {
+    const expanded = [];
+    for (const dir of dirs) {
+        const normalized = normalizeAllowedDirectory(dir);
+        if (!normalized)
+            continue;
+        expanded.push(normalized);
+        try {
+            const realPath = await fs.realpath(normalized);
+            const normalizedReal = normalizeAllowedDirectory(realPath);
+            if (normalizedReal &&
+                normalizeForComparison(normalizedReal) !==
+                    normalizeForComparison(normalized)) {
+                expanded.push(normalizedReal);
+            }
+        }
+        catch {
+            // Keep normalized path if realpath fails
+        }
+    }
+    return [...new Set(expanded)];
+}
+export async function setAllowedDirectoriesResolved(dirs) {
+    const expanded = await expandAllowedDirectories(dirs);
+    setAllowedDirectories(expanded);
+}
+//# sourceMappingURL=allowed-directories.js.map

package/dist/lib/path-validation/allowed-directories.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"allowed-directories.js","sourceRoot":"","sources":["../../../src/lib/path-validation/allowed-directories.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;AAEjE,IAAI,kBAAkB,GAAa,EAAE,CAAC;AAEtC,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAC3C,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,UAAU,sBAAsB,CAAC,CAAS;IAC9C,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,sBAAsB,CAAC,UAAkB;IAChD,OAAO,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC;QACxC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,UAAU,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,GAAW;IACnD,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEvC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,MAAM,GACV,sBAAsB,CAAC,IAAI,CAAC,KAAK,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACtE,IAAI,MAAM;QAAE,OAAO,IAAI,CAAC;IAExB,OAAO,sBAAsB,CAAC,UAAU,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAc;IAClD,MAAM,UAAU,GAAG,IAAI;SACpB,GAAG,CAAC,yBAAyB,CAAC;SAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,kBAAkB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,GAAG,kBAAkB,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,cAAsB;IAEtB,MAAM,SAAS,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;IACzD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE;QAC5C,MAAM,OAAO,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;QACjE,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,CACL,SAAS,KAAK,OAAO,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC,CACxE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,IAAc;IAEd,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE1B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/C,MAAM,cAAc,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;YAC3D,IACE,cAAc;gBACd,sBAAsB,CAAC,cAAc,CAAC;oBACpC,sBAAsB,CAAC,UAAU,CAAC,EACpC,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,IAAc;IAEd,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACtD,qBAAqB,CAAC,QAAQ,CAAC,CAAC;AAClC,CAAC"}

package/dist/lib/path-validation/errors.d.ts

@@ -0,0 +1,5 @@
+import { McpError } from '../errors.js';
+export declare function buildAllowedDirectoriesHint(): string;
+export declare function toMcpError(requestedPath: string, error: unknown): McpError;
+export declare function toAccessDeniedWithHint(requestedPath: string, resolvedPath: string, normalizedResolved: string): McpError;
+//# sourceMappingURL=errors.d.ts.map

package/dist/lib/path-validation/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/path-validation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,QAAQ,EAAE,MAAM,cAAc,CAAC;AAanD,wBAAgB,2BAA2B,IAAI,MAAM,CAKpD;AAED,wBAAgB,UAAU,CAAC,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,QAAQ,CAmD1E;AAED,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,EACpB,kBAAkB,EAAE,MAAM,GACzB,QAAQ,CAQV"}

package/dist/lib/path-validation/errors.js

@@ -0,0 +1,33 @@
+import { ErrorCode, McpError } from '../errors.js';
+import { getAllowedDirectories } from './allowed-directories.js';
+function createMcpError(code, message, requestedPath, details, cause) {
+    return new McpError(code, message, requestedPath, details, cause);
+}
+export function buildAllowedDirectoriesHint() {
+    const allowedDirs = getAllowedDirectories();
+    return allowedDirs.length > 0
+        ? `Allowed directories:\n${allowedDirs.map((d) => `  - ${d}`).join('\n')}`
+        : 'No allowed directories configured. Use CLI arguments or MCP roots protocol.';
+}
+export function toMcpError(requestedPath, error) {
+    const nodeError = error;
+    const { code } = nodeError;
+    if (code === 'ENOENT') {
+        return createMcpError(ErrorCode.E_NOT_FOUND, `Path does not exist: ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    if (code === 'EACCES' || code === 'EPERM') {
+        return createMcpError(ErrorCode.E_PERMISSION_DENIED, `Permission denied accessing path: ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    if (code === 'ELOOP') {
+        return createMcpError(ErrorCode.E_SYMLINK_NOT_ALLOWED, `Too many symbolic links in path (possible circular reference): ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    if (code === 'ENAMETOOLONG') {
+        return createMcpError(ErrorCode.E_INVALID_INPUT, `Path name too long: ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    return createMcpError(ErrorCode.E_NOT_FOUND, `Path is not accessible: ${requestedPath}`, requestedPath, { originalCode: code, originalMessage: nodeError.message }, error);
+}
+export function toAccessDeniedWithHint(requestedPath, resolvedPath, normalizedResolved) {
+    const suggestion = buildAllowedDirectoriesHint();
+    return new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories.\n\n${suggestion}`, requestedPath, { resolvedPath, normalizedResolvedPath: normalizedResolved });
+}
+//# sourceMappingURL=errors.js.map

package/dist/lib/path-validation/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/path-validation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,SAAS,cAAc,CACrB,IAAe,EACf,OAAe,EACf,aAAqB,EACrB,OAAgC,EAChC,KAAc;IAEd,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC;IAC5C,OAAO,WAAW,CAAC,MAAM,GAAG,CAAC;QAC3B,CAAC,CAAC,yBAAyB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC1E,CAAC,CAAC,6EAA6E,CAAC;AACpF,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,aAAqB,EAAE,KAAc;IAC9D,MAAM,SAAS,GAAG,KAA8B,CAAC;IACjD,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC;IAE3B,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,cAAc,CACnB,SAAS,CAAC,WAAW,EACrB,wBAAwB,aAAa,EAAE,EACvC,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QAC1C,OAAO,cAAc,CACnB,SAAS,CAAC,mBAAmB,EAC7B,qCAAqC,aAAa,EAAE,EACpD,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO,cAAc,CACnB,SAAS,CAAC,qBAAqB,EAC/B,kEAAkE,aAAa,EAAE,EACjF,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,OAAO,cAAc,CACnB,SAAS,CAAC,eAAe,EACzB,uBAAuB,aAAa,EAAE,EACtC,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,OAAO,cAAc,CACnB,SAAS,CAAC,WAAW,EACrB,2BAA2B,aAAa,EAAE,EAC1C,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,SAAS,CAAC,OAAO,EAAE,EAC1D,KAAK,CACN,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,aAAqB,EACrB,YAAoB,EACpB,kBAA0B;IAE1B,MAAM,UAAU,GAAG,2BAA2B,EAAE,CAAC;IACjD,OAAO,IAAI,QAAQ,CACjB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,wCAAwC,UAAU,EAAE,EACzF,aAAa,EACb,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,CAC7D,CAAC;AACJ,CAAC"}

package/dist/lib/path-validation/roots.d.ts

@@ -0,0 +1,3 @@
+import type { Root } from '@modelcontextprotocol/sdk/types.js';
+export declare function getValidRootDirectories(roots: Root[]): Promise<string[]>;
+//# sourceMappingURL=roots.d.ts.map

package/dist/lib/path-validation/roots.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"roots.d.ts","sourceRoot":"","sources":["../../../src/lib/path-validation/roots.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AA2C/D,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,IAAI,EAAE,GACZ,OAAO,CAAC,MAAM,EAAE,CAAC,CAcnB"}

package/dist/lib/path-validation/roots.js

@@ -0,0 +1,49 @@
+import * as fs from 'node:fs/promises';
+import { fileURLToPath } from 'node:url';
+import { normalizePath } from '../path-utils.js';
+import { normalizeForComparison } from './allowed-directories.js';
+function isFileRoot(root) {
+    return root.uri.startsWith('file://');
+}
+async function maybeAddRealPath(normalizedPath, validDirs) {
+    try {
+        const realPath = await fs.realpath(normalizedPath);
+        const normalizedReal = normalizePath(realPath);
+        if (normalizeForComparison(normalizedReal) !==
+            normalizeForComparison(normalizedPath)) {
+            validDirs.push(normalizedReal);
+        }
+    }
+    catch {
+        // If realpath fails, use the normalized path only
+    }
+}
+async function resolveRootDirectory(root) {
+    try {
+        const dirPath = fileURLToPath(root.uri);
+        const normalizedPath = normalizePath(dirPath);
+        const stats = await fs.stat(normalizedPath);
+        if (!stats.isDirectory()) {
+            console.error(`Skipping root (not a directory): ${normalizedPath}`);
+            return null;
+        }
+        return normalizedPath;
+    }
+    catch {
+        return null;
+    }
+}
+export async function getValidRootDirectories(roots) {
+    const validDirs = [];
+    for (const root of roots) {
+        if (!isFileRoot(root))
+            continue;
+        const normalizedPath = await resolveRootDirectory(root);
+        if (!normalizedPath)
+            continue;
+        validDirs.push(normalizedPath);
+        await maybeAddRealPath(normalizedPath, validDirs);
+    }
+    return validDirs;
+}
+//# sourceMappingURL=roots.js.map

package/dist/lib/path-validation/roots.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roots.js","sourceRoot":"","sources":["../../../src/lib/path-validation/roots.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,SAAS,UAAU,CAAC,IAAU;IAC5B,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;AACxC,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,cAAsB,EACtB,SAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC/C,IACE,sBAAsB,CAAC,cAAc,CAAC;YACtC,sBAAsB,CAAC,cAAc,CAAC,EACtC,CAAC;YACD,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kDAAkD;IACpD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,IAAU;IAC5C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,oCAAoC,cAAc,EAAE,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,cAAc,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAAa;IAEb,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhC,MAAM,cAAc,GAAG,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,CAAC,cAAc;YAAE,SAAS;QAE9B,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC/B,MAAM,gBAAgB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/lib/path-validation/validators.d.ts

@@ -0,0 +1,9 @@
+interface ValidatedPathDetails {
+    requestedPath: string;
+    resolvedPath: string;
+    isSymlink: boolean;
+}
+export declare function validateExistingPathDetailed(requestedPath: string): Promise<ValidatedPathDetails>;
+export declare function validateExistingPath(requestedPath: string): Promise<string>;
+export {};
+//# sourceMappingURL=validators.d.ts.map

package/dist/lib/path-validation/validators.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../src/lib/path-validation/validators.ts"],"names":[],"mappings":"AAWA,UAAU,oBAAoB;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;CACpB;AAgGD,wBAAsB,4BAA4B,CAChD,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,oBAAoB,CAAC,CAE/B;AAED,wBAAsB,oBAAoB,CACxC,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,CAGjB"}

package/dist/lib/path-validation/validators.js

@@ -0,0 +1,70 @@
+import * as fs from 'node:fs/promises';
+import { ErrorCode, McpError } from '../errors.js';
+import { normalizePath } from '../path-utils.js';
+import { isPathWithinAllowedDirectories, normalizeForComparison, RESERVED_DEVICE_NAMES, } from './allowed-directories.js';
+import { toAccessDeniedWithHint, toMcpError } from './errors.js';
+function ensureNonEmptyPath(requestedPath) {
+    if (!requestedPath || requestedPath.trim().length === 0) {
+        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path cannot be empty or whitespace', requestedPath);
+    }
+}
+function ensureNoNullBytes(requestedPath) {
+    if (requestedPath.includes('\0')) {
+        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path contains null bytes', requestedPath);
+    }
+}
+function ensureNoReservedWindowsNames(requestedPath) {
+    if (process.platform !== 'win32')
+        return;
+    const segments = requestedPath.split(/[\\/]/);
+    for (const segment of segments) {
+        const baseName = segment.split('.')[0]?.toUpperCase();
+        if (baseName && RESERVED_DEVICE_NAMES.has(baseName)) {
+            throw new McpError(ErrorCode.E_INVALID_INPUT, `Windows reserved device name not allowed: ${baseName}`, requestedPath);
+        }
+    }
+}
+function ensureWithinAllowedDirectories(normalizedPath, requestedPath, details) {
+    if (isPathWithinAllowedDirectories(normalizedPath))
+        return;
+    throw new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories`, requestedPath, details);
+}
+function validateRequestedPath(requestedPath) {
+    ensureNonEmptyPath(requestedPath);
+    ensureNoNullBytes(requestedPath);
+    ensureNoReservedWindowsNames(requestedPath);
+    return normalizePath(requestedPath);
+}
+async function resolveRealPath(requestedPath, normalizedRequested) {
+    try {
+        return await fs.realpath(normalizedRequested);
+    }
+    catch (error) {
+        throw toMcpError(requestedPath, error);
+    }
+}
+async function validateExistingPathDetailsInternal(requestedPath) {
+    const normalizedRequested = validateRequestedPath(requestedPath);
+    ensureWithinAllowedDirectories(normalizedRequested, requestedPath, {
+        normalizedPath: normalizedRequested,
+    });
+    const realPath = await resolveRealPath(requestedPath, normalizedRequested);
+    const normalizedReal = normalizePath(realPath);
+    if (!isPathWithinAllowedDirectories(normalizedReal)) {
+        throw toAccessDeniedWithHint(requestedPath, realPath, normalizedReal);
+    }
+    return {
+        requestedPath: normalizedRequested,
+        resolvedPath: normalizedReal,
+        isSymlink: normalizeForComparison(normalizedRequested) !==
+            normalizeForComparison(normalizedReal),
+    };
+}
+export async function validateExistingPathDetailed(requestedPath) {
+    return validateExistingPathDetailsInternal(requestedPath);
+}
+export async function validateExistingPath(requestedPath) {
+    const details = await validateExistingPathDetailsInternal(requestedPath);
+    return details.resolvedPath;
+}
+//# sourceMappingURL=validators.js.map

package/dist/lib/path-validation/validators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/lib/path-validation/validators.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEvC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EACL,8BAA8B,EAC9B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAQjE,SAAS,kBAAkB,CAAC,aAAqB;IAC/C,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,oCAAoC,EACpC,aAAa,CACd,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,aAAqB;IAC9C,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,0BAA0B,EAC1B,aAAa,CACd,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,4BAA4B,CAAC,aAAqB;IACzD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO;IAEzC,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACtD,IAAI,QAAQ,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,6CAA6C,QAAQ,EAAE,EACvD,aAAa,CACd,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,8BAA8B,CACrC,cAAsB,EACtB,aAAqB,EACrB,OAAiC;IAEjC,IAAI,8BAA8B,CAAC,cAAc,CAAC;QAAE,OAAO;IAE3D,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,kCAAkC,EACvE,aAAa,EACb,OAAO,CACR,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,aAAqB;IAClD,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClC,iBAAiB,CAAC,aAAa,CAAC,CAAC;IACjC,4BAA4B,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,aAAa,CAAC,aAAa,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,aAAqB,EACrB,mBAA2B;IAE3B,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mCAAmC,CAChD,aAAqB;IAErB,MAAM,mBAAmB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAC;IAEjE,8BAA8B,CAAC,mBAAmB,EAAE,aAAa,EAAE;QACjE,cAAc,EAAE,mBAAmB;KACpC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC;IAC3E,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE/C,IAAI,CAAC,8BAA8B,CAAC,cAAc,CAAC,EAAE,CAAC;QACpD,MAAM,sBAAsB,CAAC,aAAa,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACxE,CAAC;IAED,OAAO;QACL,aAAa,EAAE,mBAAmB;QAClC,YAAY,EAAE,cAAc;QAC5B,SAAS,EACP,sBAAsB,CAAC,mBAAmB,CAAC;YAC3C,sBAAsB,CAAC,cAAc,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,aAAqB;IAErB,OAAO,mCAAmC,CAAC,aAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,aAAqB;IAErB,MAAM,OAAO,GAAG,MAAM,mCAAmC,CAAC,aAAa,CAAC,CAAC;IACzE,OAAO,OAAO,CAAC,YAAY,CAAC;AAC9B,CAAC"}

package/dist/lib/path-validation.d.ts

@@ -1,8 +1,4 @@
-import type { Root } from '@modelcontextprotocol/sdk/types.js';
-import type { ValidatedPathDetails } from '../config/types.js';
-export declare function setAllowedDirectories(dirs: string[]): void;
-export declare function getAllowedDirectories(): string[];
-export declare function validateExistingPathDetailed(requestedPath: string): Promise<ValidatedPathDetails>;
-export declare function validateExistingPath(requestedPath: string): Promise<string>;
-export declare function getValidRootDirectories(roots: Root[]): Promise<string[]>;
+export { getAllowedDirectories, setAllowedDirectories, setAllowedDirectoriesResolved, expandAllowedDirectories, RESERVED_DEVICE_NAMES, } from './path-validation/allowed-directories.js';
+export { validateExistingPath, validateExistingPathDetailed, } from './path-validation/validators.js';
+export { getValidRootDirectories } from './path-validation/roots.js';
 //# sourceMappingURL=path-validation.d.ts.map

package/dist/lib/path-validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"path-validation.d.ts","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAM/D,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAG1D;AAED,wBAAgB,qBAAqB,IAAI,MAAM,EAAE,CAEhD;AAoKD,wBAAsB,4BAA4B,CAChD,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,oBAAoB,CAAC,CAE/B;AAED,wBAAsB,oBAAoB,CACxC,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,CAGjB;AAED,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,IAAI,EAAE,GACZ,OAAO,CAAC,MAAM,EAAE,CAAC,CA8BnB"}
+{"version":3,"file":"path-validation.d.ts","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/lib/path-validation.js

@@ -1,142 +1,4 @@
-import * as fs from 'node:fs/promises';
-import { fileURLToPath } from 'node:url';
-import { ErrorCode, McpError } from './errors.js';
-import { normalizePath } from './path-utils.js';
-let allowedDirectories = [];
-export function setAllowedDirectories(dirs) {
-    const normalized = dirs.map(normalizePath).filter((d) => d.length > 0);
-    allowedDirectories = [...new Set(normalized)];
-}
-export function getAllowedDirectories() {
-    return [...allowedDirectories];
-}
-const PATH_SEPARATOR = process.platform === 'win32' ? '\\' : '/';
-function normalizeForComparison(p) {
-    return process.platform === 'win32' ? p.toLowerCase() : p;
-}
-function isPathWithinAllowedDirectories(normalizedPath) {
-    const candidate = normalizeForComparison(normalizedPath);
-    return allowedDirectories.some((allowedDir) => {
-        const allowed = normalizeForComparison(allowedDir);
-        return (candidate === allowed || candidate.startsWith(allowed + PATH_SEPARATOR));
-    });
-}
-const RESERVED_DEVICE_NAMES = new Set([
-    'CON',
-    'PRN',
-    'AUX',
-    'NUL',
-    'COM1',
-    'COM2',
-    'COM3',
-    'COM4',
-    'COM5',
-    'COM6',
-    'COM7',
-    'COM8',
-    'COM9',
-    'LPT1',
-    'LPT2',
-    'LPT3',
-    'LPT4',
-    'LPT5',
-    'LPT6',
-    'LPT7',
-    'LPT8',
-    'LPT9',
-]);
-async function validateExistingPathDetailsInternal(requestedPath) {
-    if (!requestedPath || requestedPath.trim().length === 0) {
-        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path cannot be empty or whitespace', requestedPath);
-    }
-    // Check for null bytes (path truncation attack prevention)
-    if (requestedPath.includes('\0')) {
-        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path contains null bytes', requestedPath);
-    }
-    // Check for Windows reserved device names
-    if (process.platform === 'win32') {
-        const segments = requestedPath.split(/[\\/]/);
-        for (const segment of segments) {
-            const baseName = segment.split('.')[0]?.toUpperCase();
-            if (baseName && RESERVED_DEVICE_NAMES.has(baseName)) {
-                throw new McpError(ErrorCode.E_INVALID_INPUT, `Windows reserved device name not allowed: ${baseName}`, requestedPath);
-            }
-        }
-    }
-    const normalizedRequested = normalizePath(requestedPath);
-    if (!isPathWithinAllowedDirectories(normalizedRequested)) {
-        throw new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories`, requestedPath, { normalizedPath: normalizedRequested });
-    }
-    let realPath;
-    try {
-        realPath = await fs.realpath(normalizedRequested);
-    }
-    catch (error) {
-        const nodeError = error;
-        if (nodeError.code === 'ENOENT') {
-            throw new McpError(ErrorCode.E_NOT_FOUND, `Path does not exist: ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        if (nodeError.code === 'EACCES' || nodeError.code === 'EPERM') {
-            throw new McpError(ErrorCode.E_PERMISSION_DENIED, `Permission denied accessing path: ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        if (nodeError.code === 'ELOOP') {
-            throw new McpError(ErrorCode.E_SYMLINK_NOT_ALLOWED, `Too many symbolic links in path (possible circular reference): ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        if (nodeError.code === 'ENAMETOOLONG') {
-            throw new McpError(ErrorCode.E_INVALID_INPUT, `Path name too long: ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        throw new McpError(ErrorCode.E_NOT_FOUND, `Path is not accessible: ${requestedPath}`, requestedPath, { originalCode: nodeError.code, originalMessage: nodeError.message }, error);
-    }
-    const normalizedReal = normalizePath(realPath);
-    if (!isPathWithinAllowedDirectories(normalizedReal)) {
-        const allowedDirs = getAllowedDirectories();
-        const suggestion = allowedDirs.length > 0
-            ? `Allowed directories:\n${allowedDirs.map((d) => `  - ${d}`).join('\n')}`
-            : 'No allowed directories configured. Use CLI arguments or MCP roots protocol.';
-        throw new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories.\n\n${suggestion}`, requestedPath, { resolvedPath: realPath, normalizedResolvedPath: normalizedReal });
-    }
-    const isSymlink = normalizedRequested !== normalizedReal;
-    return {
-        requestedPath: normalizedRequested,
-        resolvedPath: normalizedReal,
-        isSymlink,
-    };
-}
-export async function validateExistingPathDetailed(requestedPath) {
-    return validateExistingPathDetailsInternal(requestedPath);
-}
-export async function validateExistingPath(requestedPath) {
-    const details = await validateExistingPathDetailsInternal(requestedPath);
-    return details.resolvedPath;
-}
-export async function getValidRootDirectories(roots) {
-    const validDirs = [];
-    for (const root of roots) {
-        if (!root.uri.startsWith('file://')) {
-            continue;
-        }
-        try {
-            const dirPath = fileURLToPath(root.uri);
-            const normalizedPath = normalizePath(dirPath);
-            const stats = await fs.stat(normalizedPath);
-            if (stats.isDirectory()) {
-                try {
-                    const realPath = await fs.realpath(normalizedPath);
-                    validDirs.push(normalizePath(realPath));
-                }
-                catch {
-                    // If realpath fails, use the normalized path
-                    validDirs.push(normalizedPath);
-                }
-            }
-            else {
-                console.error(`Skipping root (not a directory): ${normalizedPath}`);
-            }
-        }
-        catch {
-            continue;
-        }
-    }
-    return validDirs;
-}
+export { getAllowedDirectories, setAllowedDirectories, setAllowedDirectoriesResolved, expandAllowedDirectories, RESERVED_DEVICE_NAMES, } from './path-validation/allowed-directories.js';
+export { validateExistingPath, validateExistingPathDetailed, } from './path-validation/validators.js';
+export { getValidRootDirectories } from './path-validation/roots.js';
 //# sourceMappingURL=path-validation.js.map

package/dist/lib/path-validation.js.map

@@ -1 +1 @@
-{"version":3,"file":"path-validation.js","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAKzC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,IAAI,kBAAkB,GAAa,EAAE,CAAC;AAEtC,MAAM,UAAU,qBAAqB,CAAC,IAAc;IAClD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvE,kBAAkB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,GAAG,kBAAkB,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;AAEjE,SAAS,sBAAsB,CAAC,CAAS;IACvC,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,8BAA8B,CAAC,cAAsB;IAC5D,MAAM,SAAS,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;IACzD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE;QAC5C,MAAM,OAAO,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACnD,OAAO,CACL,SAAS,KAAK,OAAO,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC,CACxE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,KAAK,UAAU,mCAAmC,CAChD,aAAqB;IAErB,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,oCAAoC,EACpC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,0BAA0B,EAC1B,aAAa,CACd,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;YACtD,IAAI,QAAQ,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,6CAA6C,QAAQ,EAAE,EACvD,aAAa,CACd,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,mBAAmB,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;IAEzD,IAAI,CAAC,8BAA8B,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,kCAAkC,EACvE,aAAa,EACb,EAAE,cAAc,EAAE,mBAAmB,EAAE,CACxC,CAAC;IACJ,CAAC;IAED,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,KAA8B,CAAC;QACjD,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,WAAW,EACrB,wBAAwB,aAAa,EAAE,EACvC,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC9D,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,mBAAmB,EAC7B,qCAAqC,aAAa,EAAE,EACpD,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC/B,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,qBAAqB,EAC/B,kEAAkE,aAAa,EAAE,EACjF,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,uBAAuB,aAAa,EAAE,EACtC,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,WAAW,EACrB,2BAA2B,aAAa,EAAE,EAC1C,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,CAAC,OAAO,EAAE,EACpE,KAAK,CACN,CAAC;IACJ,CAAC;IACD,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE/C,IAAI,CAAC,8BAA8B,CAAC,cAAc,CAAC,EAAE,CAAC;QACpD,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC;QAC5C,MAAM,UAAU,GACd,WAAW,CAAC,MAAM,GAAG,CAAC;YACpB,CAAC,CAAC,yBAAyB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC1E,CAAC,CAAC,6EAA6E,CAAC;QAEpF,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,wCAAwC,UAAU,EAAE,EACzF,aAAa,EACb,EAAE,YAAY,EAAE,QAAQ,EAAE,sBAAsB,EAAE,cAAc,EAAE,CACnE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,mBAAmB,KAAK,cAAc,CAAC;IAEzD,OAAO;QACL,aAAa,EAAE,mBAAmB;QAClC,YAAY,EAAE,cAAc;QAC5B,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,aAAqB;IAErB,OAAO,mCAAmC,CAAC,aAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,aAAqB;IAErB,MAAM,OAAO,GAAG,MAAM,mCAAmC,CAAC,aAAa,CAAC,CAAC;IACzE,OAAO,OAAO,CAAC,YAAY,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAAa;IAEb,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YAE9C,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;oBACnD,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACP,6CAA6C;oBAC7C,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,oCAAoC,cAAc,EAAE,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
+{"version":3,"file":"path-validation.js","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/schemas/input-helpers.d.ts

@@ -0,0 +1,8 @@
+import { z } from 'zod';
+export declare function isSafeGlobPattern(value: string): boolean;
+export declare const EncodingSchema: z.ZodDefault<z.ZodOptional<z.ZodEnum<["utf-8", "utf8", "ascii", "base64", "hex", "latin1"]>>>;
+export declare const ReadFileMaxSizeSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const ReadMultipleFilesMaxSizeSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const ExcludePatternsSchema: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>>;
+export declare const BasicExcludePatternsSchema: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+//# sourceMappingURL=input-helpers.d.ts.map

package/dist/schemas/input-helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"input-helpers.d.ts","sourceRoot":"","sources":["../../src/schemas/input-helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAaxD;AAED,eAAO,MAAM,cAAc,+FAIC,CAAC;AAU7B,eAAO,MAAM,qBAAqB,0CAEjC,CAAC;AAEF,eAAO,MAAM,8BAA8B,0CAE1C,CAAC;AAEF,eAAO,MAAM,qBAAqB,4FAWpB,CAAC;AAEf,eAAO,MAAM,0BAA0B,8DAIzB,CAAC"}

package/dist/schemas/input-helpers.js

@@ -0,0 +1,44 @@
+import { z } from 'zod';
+import { MAX_TEXT_FILE_SIZE } from '../lib/constants.js';
+export function isSafeGlobPattern(value) {
+    if (value.length === 0)
+        return false;
+    const absolutePattern = /^([/\\]|[A-Za-z]:[/\\]|\\\\)/u;
+    if (absolutePattern.test(value)) {
+        return false;
+    }
+    if (/[\\/]\.\.(?:[/\\]|$)/u.test(value) || value.startsWith('..')) {
+        return false;
+    }
+    return true;
+}
+export const EncodingSchema = z
+    .enum(['utf-8', 'utf8', 'ascii', 'base64', 'hex', 'latin1'])
+    .optional()
+    .default('utf-8')
+    .describe('File encoding');
+const MaxTextFileSizeSchema = z
+    .number()
+    .int('maxSize must be an integer')
+    .min(1, 'maxSize must be at least 1 byte')
+    .max(100 * 1024 * 1024, 'maxSize cannot exceed 100MB')
+    .optional()
+    .default(MAX_TEXT_FILE_SIZE);
+export const ReadFileMaxSizeSchema = MaxTextFileSizeSchema.describe('Maximum file size in bytes (default 10MB)');
+export const ReadMultipleFilesMaxSizeSchema = MaxTextFileSizeSchema.describe('Maximum file size in bytes per file (default 10MB)');
+export const ExcludePatternsSchema = z
+    .array(z
+    .string()
+    .max(500, 'Individual exclude pattern is too long')
+    .refine((val) => !val.includes('**/**/**'), {
+    message: 'Pattern too deeply nested (max 2 levels of **)',
+}))
+    .max(100, 'Too many exclude patterns (max 100)')
+    .optional()
+    .default([]);
+export const BasicExcludePatternsSchema = z
+    .array(z.string().max(500, 'Individual exclude pattern is too long'))
+    .max(100, 'Too many exclude patterns (max 100)')
+    .optional()
+    .default([]);
+//# sourceMappingURL=input-helpers.js.map

package/dist/schemas/input-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"input-helpers.js","sourceRoot":"","sources":["../../src/schemas/input-helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,eAAe,GAAG,+BAA+B,CAAC;IACxD,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC;KAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;KAC3D,QAAQ,EAAE;KACV,OAAO,CAAC,OAAO,CAAC;KAChB,QAAQ,CAAC,eAAe,CAAC,CAAC;AAE7B,MAAM,qBAAqB,GAAG,CAAC;KAC5B,MAAM,EAAE;KACR,GAAG,CAAC,4BAA4B,CAAC;KACjC,GAAG,CAAC,CAAC,EAAE,iCAAiC,CAAC;KACzC,GAAG,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,6BAA6B,CAAC;KACrD,QAAQ,EAAE;KACV,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAE/B,MAAM,CAAC,MAAM,qBAAqB,GAAG,qBAAqB,CAAC,QAAQ,CACjE,2CAA2C,CAC5C,CAAC;AAEF,MAAM,CAAC,MAAM,8BAA8B,GAAG,qBAAqB,CAAC,QAAQ,CAC1E,oDAAoD,CACrD,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,KAAK,CACJ,CAAC;KACE,MAAM,EAAE;KACR,GAAG,CAAC,GAAG,EAAE,wCAAwC,CAAC;KAClD,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;IAC1C,OAAO,EAAE,gDAAgD;CAC1D,CAAC,CACL;KACA,GAAG,CAAC,GAAG,EAAE,qCAAqC,CAAC;KAC/C,QAAQ,EAAE;KACV,OAAO,CAAC,EAAE,CAAC,CAAC;AAEf,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC;KACxC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,wCAAwC,CAAC,CAAC;KACpE,GAAG,CAAC,GAAG,EAAE,qCAAqC,CAAC;KAC/C,QAAQ,EAAE;KACV,OAAO,CAAC,EAAE,CAAC,CAAC"}

package/dist/schemas/inputs.d.ts

@@ -12,13 +12,15 @@ export declare const SearchFilesInputSchema: {
     path: z.ZodString;
     pattern: z.ZodEffects<z.ZodString, string, string>;
     excludePatterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>>;
-    maxResults: z.ZodOptional<z.ZodNumber>;
+    maxResults: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
     sortBy: z.ZodDefault<z.ZodOptional<z.ZodEnum<["name", "size", "modified", "path"]>>>;
     maxDepth: z.ZodOptional<z.ZodNumber>;
+    maxFilesScanned: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    timeoutMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
 };
 export declare const ReadFileInputSchema: {
     path: z.ZodString;
-    encoding: z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodEnum<["utf-8", "utf8", "ascii", "base64", "hex", "latin1"]>>>, "base64" | "ascii" | "utf8" | "utf-8" | "latin1" | "hex", "base64" | "ascii" | "utf8" | "utf-8" | "latin1" | "hex" | undefined>;
+    encoding: z.ZodDefault<z.ZodOptional<z.ZodEnum<["utf-8", "utf8", "ascii", "base64", "hex", "latin1"]>>>;
     maxSize: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
     lineStart: z.ZodOptional<z.ZodNumber>;
     lineEnd: z.ZodOptional<z.ZodNumber>;
@@ -39,14 +41,15 @@ export declare const GetFileInfoInputSchema: {
 export declare const SearchContentInputSchema: {
     path: z.ZodString;
     pattern: z.ZodString;
-    filePattern: z.ZodDefault<z.ZodOptional<z.ZodString>>;
+    filePattern: z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodString>>, string, string | undefined>;
     excludePatterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>>;
     caseSensitive: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
     maxResults: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
     maxFileSize: z.ZodOptional<z.ZodNumber>;
-    maxFilesScanned: z.ZodOptional<z.ZodNumber>;
-    timeoutMs: z.ZodOptional<z.ZodNumber>;
+    maxFilesScanned: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    timeoutMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
     skipBinary: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    includeHidden: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
     contextLines: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
     wholeWord: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
     isLiteral: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;

package/dist/schemas/inputs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"inputs.d.ts","sourceRoot":"","sources":["../../src/schemas/inputs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAWxB,eAAO,MAAM,wBAAwB;;;;;;;;CA4CpC,CAAC;AAEF,eAAO,MAAM,sBAAsB;;;;;;;CA6DlC,CAAC;AA2DF,eAAO,MAAM,mBAAmB;;;;;;;;CAA2B,CAAC;AAgD5D,eAAO,MAAM,4BAA4B;;;;;;;CAAoC,CAAC;AAE9E,eAAO,MAAM,sBAAsB;;CAKlC,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;CA+FpC,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;CAgCvC,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;;;;;CAoCpC,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAapC,CAAC"}
+{"version":3,"file":"inputs.d.ts","sourceRoot":"","sources":["../../src/schemas/inputs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAoBxB,eAAO,MAAM,wBAAwB;;;;;;;;CA4CpC,CAAC;AAEF,eAAO,MAAM,sBAAsB;;;;;;;;;CAqElC,CAAC;AA2CF,eAAO,MAAM,mBAAmB;;;;;;;;CAA2B,CAAC;AAqC5D,eAAO,MAAM,4BAA4B;;;;;;;CAAoC,CAAC;AAE9E,eAAO,MAAM,sBAAsB;;CAKlC,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;CAgGpC,CAAC;AAEF,eAAO,MAAM,2BAA2B;;;;;;CA6BvC,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;;;;;CAiCpC,CAAC;AAEF,eAAO,MAAM,wBAAwB;;;CAapC,CAAC"}