@j0hanz/filesystem-context-mcp 1.1.0 → 1.2.1

package/dist/lib/path-validation/allowed-directories.js

@@ -0,0 +1,94 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { normalizePath } from '../path-utils.js';
+const PATH_SEPARATOR = process.platform === 'win32' ? '\\' : '/';
+let allowedDirectories = [];
+export const RESERVED_DEVICE_NAMES = new Set([
+    'CON',
+    'PRN',
+    'AUX',
+    'NUL',
+    'COM1',
+    'COM2',
+    'COM3',
+    'COM4',
+    'COM5',
+    'COM6',
+    'COM7',
+    'COM8',
+    'COM9',
+    'LPT1',
+    'LPT2',
+    'LPT3',
+    'LPT4',
+    'LPT5',
+    'LPT6',
+    'LPT7',
+    'LPT8',
+    'LPT9',
+]);
+export function normalizeForComparison(p) {
+    return process.platform === 'win32' ? p.toLowerCase() : p;
+}
+function stripTrailingSeparator(normalized) {
+    return normalized.endsWith(PATH_SEPARATOR)
+        ? normalized.slice(0, -1)
+        : normalized;
+}
+export function normalizeAllowedDirectory(dir) {
+    const normalized = normalizePath(dir);
+    if (normalized.length === 0)
+        return '';
+    const { root } = path.parse(normalized);
+    const isRoot = normalizeForComparison(root) === normalizeForComparison(normalized);
+    if (isRoot)
+        return root;
+    return stripTrailingSeparator(normalized);
+}
+export function setAllowedDirectories(dirs) {
+    const normalized = dirs
+        .map(normalizeAllowedDirectory)
+        .filter((d) => d.length > 0);
+    allowedDirectories = [...new Set(normalized)];
+}
+export function getAllowedDirectories() {
+    return [...allowedDirectories];
+}
+export function isPathWithinAllowedDirectories(normalizedPath) {
+    const candidate = normalizeForComparison(normalizedPath);
+    return allowedDirectories.some((allowedDir) => {
+        const allowed = normalizeForComparison(allowedDir);
+        const root = normalizeForComparison(path.parse(allowedDir).root);
+        if (allowed === root) {
+            return candidate.startsWith(allowed);
+        }
+        return (candidate === allowed || candidate.startsWith(allowed + PATH_SEPARATOR));
+    });
+}
+export async function expandAllowedDirectories(dirs) {
+    const expanded = [];
+    for (const dir of dirs) {
+        const normalized = normalizeAllowedDirectory(dir);
+        if (!normalized)
+            continue;
+        expanded.push(normalized);
+        try {
+            const realPath = await fs.realpath(normalized);
+            const normalizedReal = normalizeAllowedDirectory(realPath);
+            if (normalizedReal &&
+                normalizeForComparison(normalizedReal) !==
+                    normalizeForComparison(normalized)) {
+                expanded.push(normalizedReal);
+            }
+        }
+        catch {
+            // Keep normalized path if realpath fails
+        }
+    }
+    return [...new Set(expanded)];
+}
+export async function setAllowedDirectoriesResolved(dirs) {
+    const expanded = await expandAllowedDirectories(dirs);
+    setAllowedDirectories(expanded);
+}
+//# sourceMappingURL=allowed-directories.js.map

package/dist/lib/path-validation/allowed-directories.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"allowed-directories.js","sourceRoot":"","sources":["../../../src/lib/path-validation/allowed-directories.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;AAEjE,IAAI,kBAAkB,GAAa,EAAE,CAAC;AAEtC,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAC3C,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,UAAU,sBAAsB,CAAC,CAAS;IAC9C,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,sBAAsB,CAAC,UAAkB;IAChD,OAAO,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC;QACxC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,UAAU,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,GAAW;IACnD,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEvC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,MAAM,GACV,sBAAsB,CAAC,IAAI,CAAC,KAAK,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACtE,IAAI,MAAM;QAAE,OAAO,IAAI,CAAC;IAExB,OAAO,sBAAsB,CAAC,UAAU,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAc;IAClD,MAAM,UAAU,GAAG,IAAI;SACpB,GAAG,CAAC,yBAAyB,CAAC;SAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,kBAAkB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,GAAG,kBAAkB,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,cAAsB;IAEtB,MAAM,SAAS,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;IACzD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE;QAC5C,MAAM,OAAO,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;QACjE,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,CACL,SAAS,KAAK,OAAO,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC,CACxE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,IAAc;IAEd,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE1B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/C,MAAM,cAAc,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;YAC3D,IACE,cAAc;gBACd,sBAAsB,CAAC,cAAc,CAAC;oBACpC,sBAAsB,CAAC,UAAU,CAAC,EACpC,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,IAAc;IAEd,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACtD,qBAAqB,CAAC,QAAQ,CAAC,CAAC;AAClC,CAAC"}

package/dist/lib/path-validation/errors.d.ts

@@ -0,0 +1,5 @@
+import { McpError } from '../errors.js';
+export declare function buildAllowedDirectoriesHint(): string;
+export declare function toMcpError(requestedPath: string, error: unknown): McpError;
+export declare function toAccessDeniedWithHint(requestedPath: string, resolvedPath: string, normalizedResolved: string): McpError;
+//# sourceMappingURL=errors.d.ts.map

package/dist/lib/path-validation/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/path-validation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,QAAQ,EAAE,MAAM,cAAc,CAAC;AAanD,wBAAgB,2BAA2B,IAAI,MAAM,CAKpD;AAED,wBAAgB,UAAU,CAAC,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,QAAQ,CAmD1E;AAED,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,EACpB,kBAAkB,EAAE,MAAM,GACzB,QAAQ,CAQV"}

package/dist/lib/path-validation/errors.js

@@ -0,0 +1,33 @@
+import { ErrorCode, McpError } from '../errors.js';
+import { getAllowedDirectories } from './allowed-directories.js';
+function createMcpError(code, message, requestedPath, details, cause) {
+    return new McpError(code, message, requestedPath, details, cause);
+}
+export function buildAllowedDirectoriesHint() {
+    const allowedDirs = getAllowedDirectories();
+    return allowedDirs.length > 0
+        ? `Allowed directories:\n${allowedDirs.map((d) => `  - ${d}`).join('\n')}`
+        : 'No allowed directories configured. Use CLI arguments or MCP roots protocol.';
+}
+export function toMcpError(requestedPath, error) {
+    const nodeError = error;
+    const { code } = nodeError;
+    if (code === 'ENOENT') {
+        return createMcpError(ErrorCode.E_NOT_FOUND, `Path does not exist: ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    if (code === 'EACCES' || code === 'EPERM') {
+        return createMcpError(ErrorCode.E_PERMISSION_DENIED, `Permission denied accessing path: ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    if (code === 'ELOOP') {
+        return createMcpError(ErrorCode.E_SYMLINK_NOT_ALLOWED, `Too many symbolic links in path (possible circular reference): ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    if (code === 'ENAMETOOLONG') {
+        return createMcpError(ErrorCode.E_INVALID_INPUT, `Path name too long: ${requestedPath}`, requestedPath, { originalCode: code }, error);
+    }
+    return createMcpError(ErrorCode.E_NOT_FOUND, `Path is not accessible: ${requestedPath}`, requestedPath, { originalCode: code, originalMessage: nodeError.message }, error);
+}
+export function toAccessDeniedWithHint(requestedPath, resolvedPath, normalizedResolved) {
+    const suggestion = buildAllowedDirectoriesHint();
+    return new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories.\n\n${suggestion}`, requestedPath, { resolvedPath, normalizedResolvedPath: normalizedResolved });
+}
+//# sourceMappingURL=errors.js.map

package/dist/lib/path-validation/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/path-validation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,SAAS,cAAc,CACrB,IAAe,EACf,OAAe,EACf,aAAqB,EACrB,OAAgC,EAChC,KAAc;IAEd,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC;IAC5C,OAAO,WAAW,CAAC,MAAM,GAAG,CAAC;QAC3B,CAAC,CAAC,yBAAyB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC1E,CAAC,CAAC,6EAA6E,CAAC;AACpF,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,aAAqB,EAAE,KAAc;IAC9D,MAAM,SAAS,GAAG,KAA8B,CAAC;IACjD,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC;IAE3B,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,cAAc,CACnB,SAAS,CAAC,WAAW,EACrB,wBAAwB,aAAa,EAAE,EACvC,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QAC1C,OAAO,cAAc,CACnB,SAAS,CAAC,mBAAmB,EAC7B,qCAAqC,aAAa,EAAE,EACpD,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO,cAAc,CACnB,SAAS,CAAC,qBAAqB,EAC/B,kEAAkE,aAAa,EAAE,EACjF,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,OAAO,cAAc,CACnB,SAAS,CAAC,eAAe,EACzB,uBAAuB,aAAa,EAAE,EACtC,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,EACtB,KAAK,CACN,CAAC;IACJ,CAAC;IAED,OAAO,cAAc,CACnB,SAAS,CAAC,WAAW,EACrB,2BAA2B,aAAa,EAAE,EAC1C,aAAa,EACb,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,SAAS,CAAC,OAAO,EAAE,EAC1D,KAAK,CACN,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,aAAqB,EACrB,YAAoB,EACpB,kBAA0B;IAE1B,MAAM,UAAU,GAAG,2BAA2B,EAAE,CAAC;IACjD,OAAO,IAAI,QAAQ,CACjB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,wCAAwC,UAAU,EAAE,EACzF,aAAa,EACb,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,CAC7D,CAAC;AACJ,CAAC"}

package/dist/lib/path-validation/roots.d.ts

@@ -0,0 +1,3 @@
+import type { Root } from '@modelcontextprotocol/sdk/types.js';
+export declare function getValidRootDirectories(roots: Root[]): Promise<string[]>;
+//# sourceMappingURL=roots.d.ts.map

package/dist/lib/path-validation/roots.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"roots.d.ts","sourceRoot":"","sources":["../../../src/lib/path-validation/roots.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AA2C/D,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,IAAI,EAAE,GACZ,OAAO,CAAC,MAAM,EAAE,CAAC,CAcnB"}

package/dist/lib/path-validation/roots.js

@@ -0,0 +1,49 @@
+import * as fs from 'node:fs/promises';
+import { fileURLToPath } from 'node:url';
+import { normalizePath } from '../path-utils.js';
+import { normalizeForComparison } from './allowed-directories.js';
+function isFileRoot(root) {
+    return root.uri.startsWith('file://');
+}
+async function maybeAddRealPath(normalizedPath, validDirs) {
+    try {
+        const realPath = await fs.realpath(normalizedPath);
+        const normalizedReal = normalizePath(realPath);
+        if (normalizeForComparison(normalizedReal) !==
+            normalizeForComparison(normalizedPath)) {
+            validDirs.push(normalizedReal);
+        }
+    }
+    catch {
+        // If realpath fails, use the normalized path only
+    }
+}
+async function resolveRootDirectory(root) {
+    try {
+        const dirPath = fileURLToPath(root.uri);
+        const normalizedPath = normalizePath(dirPath);
+        const stats = await fs.stat(normalizedPath);
+        if (!stats.isDirectory()) {
+            console.error(`Skipping root (not a directory): ${normalizedPath}`);
+            return null;
+        }
+        return normalizedPath;
+    }
+    catch {
+        return null;
+    }
+}
+export async function getValidRootDirectories(roots) {
+    const validDirs = [];
+    for (const root of roots) {
+        if (!isFileRoot(root))
+            continue;
+        const normalizedPath = await resolveRootDirectory(root);
+        if (!normalizedPath)
+            continue;
+        validDirs.push(normalizedPath);
+        await maybeAddRealPath(normalizedPath, validDirs);
+    }
+    return validDirs;
+}
+//# sourceMappingURL=roots.js.map

package/dist/lib/path-validation/roots.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roots.js","sourceRoot":"","sources":["../../../src/lib/path-validation/roots.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,SAAS,UAAU,CAAC,IAAU;IAC5B,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;AACxC,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,cAAsB,EACtB,SAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC/C,IACE,sBAAsB,CAAC,cAAc,CAAC;YACtC,sBAAsB,CAAC,cAAc,CAAC,EACtC,CAAC;YACD,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kDAAkD;IACpD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,IAAU;IAC5C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,oCAAoC,cAAc,EAAE,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,cAAc,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAAa;IAEb,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhC,MAAM,cAAc,GAAG,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,CAAC,cAAc;YAAE,SAAS;QAE9B,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC/B,MAAM,gBAAgB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/lib/path-validation/validators.d.ts

@@ -0,0 +1,9 @@
+interface ValidatedPathDetails {
+    requestedPath: string;
+    resolvedPath: string;
+    isSymlink: boolean;
+}
+export declare function validateExistingPathDetailed(requestedPath: string): Promise<ValidatedPathDetails>;
+export declare function validateExistingPath(requestedPath: string): Promise<string>;
+export {};
+//# sourceMappingURL=validators.d.ts.map

package/dist/lib/path-validation/validators.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../src/lib/path-validation/validators.ts"],"names":[],"mappings":"AAWA,UAAU,oBAAoB;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;CACpB;AAgGD,wBAAsB,4BAA4B,CAChD,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,oBAAoB,CAAC,CAE/B;AAED,wBAAsB,oBAAoB,CACxC,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,CAGjB"}

package/dist/lib/path-validation/validators.js

@@ -0,0 +1,70 @@
+import * as fs from 'node:fs/promises';
+import { ErrorCode, McpError } from '../errors.js';
+import { normalizePath } from '../path-utils.js';
+import { isPathWithinAllowedDirectories, normalizeForComparison, RESERVED_DEVICE_NAMES, } from './allowed-directories.js';
+import { toAccessDeniedWithHint, toMcpError } from './errors.js';
+function ensureNonEmptyPath(requestedPath) {
+    if (!requestedPath || requestedPath.trim().length === 0) {
+        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path cannot be empty or whitespace', requestedPath);
+    }
+}
+function ensureNoNullBytes(requestedPath) {
+    if (requestedPath.includes('\0')) {
+        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path contains null bytes', requestedPath);
+    }
+}
+function ensureNoReservedWindowsNames(requestedPath) {
+    if (process.platform !== 'win32')
+        return;
+    const segments = requestedPath.split(/[\\/]/);
+    for (const segment of segments) {
+        const baseName = segment.split('.')[0]?.toUpperCase();
+        if (baseName && RESERVED_DEVICE_NAMES.has(baseName)) {
+            throw new McpError(ErrorCode.E_INVALID_INPUT, `Windows reserved device name not allowed: ${baseName}`, requestedPath);
+        }
+    }
+}
+function ensureWithinAllowedDirectories(normalizedPath, requestedPath, details) {
+    if (isPathWithinAllowedDirectories(normalizedPath))
+        return;
+    throw new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories`, requestedPath, details);
+}
+function validateRequestedPath(requestedPath) {
+    ensureNonEmptyPath(requestedPath);
+    ensureNoNullBytes(requestedPath);
+    ensureNoReservedWindowsNames(requestedPath);
+    return normalizePath(requestedPath);
+}
+async function resolveRealPath(requestedPath, normalizedRequested) {
+    try {
+        return await fs.realpath(normalizedRequested);
+    }
+    catch (error) {
+        throw toMcpError(requestedPath, error);
+    }
+}
+async function validateExistingPathDetailsInternal(requestedPath) {
+    const normalizedRequested = validateRequestedPath(requestedPath);
+    ensureWithinAllowedDirectories(normalizedRequested, requestedPath, {
+        normalizedPath: normalizedRequested,
+    });
+    const realPath = await resolveRealPath(requestedPath, normalizedRequested);
+    const normalizedReal = normalizePath(realPath);
+    if (!isPathWithinAllowedDirectories(normalizedReal)) {
+        throw toAccessDeniedWithHint(requestedPath, realPath, normalizedReal);
+    }
+    return {
+        requestedPath: normalizedRequested,
+        resolvedPath: normalizedReal,
+        isSymlink: normalizeForComparison(normalizedRequested) !==
+            normalizeForComparison(normalizedReal),
+    };
+}
+export async function validateExistingPathDetailed(requestedPath) {
+    return validateExistingPathDetailsInternal(requestedPath);
+}
+export async function validateExistingPath(requestedPath) {
+    const details = await validateExistingPathDetailsInternal(requestedPath);
+    return details.resolvedPath;
+}
+//# sourceMappingURL=validators.js.map

package/dist/lib/path-validation/validators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/lib/path-validation/validators.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEvC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EACL,8BAA8B,EAC9B,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAQjE,SAAS,kBAAkB,CAAC,aAAqB;IAC/C,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,oCAAoC,EACpC,aAAa,CACd,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,aAAqB;IAC9C,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,0BAA0B,EAC1B,aAAa,CACd,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,4BAA4B,CAAC,aAAqB;IACzD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO;IAEzC,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACtD,IAAI,QAAQ,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,6CAA6C,QAAQ,EAAE,EACvD,aAAa,CACd,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,8BAA8B,CACrC,cAAsB,EACtB,aAAqB,EACrB,OAAiC;IAEjC,IAAI,8BAA8B,CAAC,cAAc,CAAC;QAAE,OAAO;IAE3D,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,kCAAkC,EACvE,aAAa,EACb,OAAO,CACR,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,aAAqB;IAClD,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClC,iBAAiB,CAAC,aAAa,CAAC,CAAC;IACjC,4BAA4B,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,aAAa,CAAC,aAAa,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,aAAqB,EACrB,mBAA2B;IAE3B,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mCAAmC,CAChD,aAAqB;IAErB,MAAM,mBAAmB,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAC;IAEjE,8BAA8B,CAAC,mBAAmB,EAAE,aAAa,EAAE;QACjE,cAAc,EAAE,mBAAmB;KACpC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC;IAC3E,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE/C,IAAI,CAAC,8BAA8B,CAAC,cAAc,CAAC,EAAE,CAAC;QACpD,MAAM,sBAAsB,CAAC,aAAa,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACxE,CAAC;IAED,OAAO;QACL,aAAa,EAAE,mBAAmB;QAClC,YAAY,EAAE,cAAc;QAC5B,SAAS,EACP,sBAAsB,CAAC,mBAAmB,CAAC;YAC3C,sBAAsB,CAAC,cAAc,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,aAAqB;IAErB,OAAO,mCAAmC,CAAC,aAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,aAAqB;IAErB,MAAM,OAAO,GAAG,MAAM,mCAAmC,CAAC,aAAa,CAAC,CAAC;IACzE,OAAO,OAAO,CAAC,YAAY,CAAC;AAC9B,CAAC"}

package/dist/lib/path-validation.d.ts

@@ -1,8 +1,4 @@
-import type { Root } from '@modelcontextprotocol/sdk/types.js';
-import type { ValidatedPathDetails } from '../config/types.js';
-export declare function setAllowedDirectories(dirs: string[]): void;
-export declare function getAllowedDirectories(): string[];
-export declare function validateExistingPathDetailed(requestedPath: string): Promise<ValidatedPathDetails>;
-export declare function validateExistingPath(requestedPath: string): Promise<string>;
-export declare function getValidRootDirectories(roots: Root[]): Promise<string[]>;
+export { getAllowedDirectories, setAllowedDirectories, setAllowedDirectoriesResolved, expandAllowedDirectories, RESERVED_DEVICE_NAMES, } from './path-validation/allowed-directories.js';
+export { validateExistingPath, validateExistingPathDetailed, } from './path-validation/validators.js';
+export { getValidRootDirectories } from './path-validation/roots.js';
 //# sourceMappingURL=path-validation.d.ts.map

package/dist/lib/path-validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"path-validation.d.ts","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAE/D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAM/D,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAG1D;AAED,wBAAgB,qBAAqB,IAAI,MAAM,EAAE,CAEhD;AAoKD,wBAAsB,4BAA4B,CAChD,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,oBAAoB,CAAC,CAE/B;AAED,wBAAsB,oBAAoB,CACxC,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,CAGjB;AAED,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,IAAI,EAAE,GACZ,OAAO,CAAC,MAAM,EAAE,CAAC,CA8BnB"}
+{"version":3,"file":"path-validation.d.ts","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/lib/path-validation.js

@@ -1,142 +1,4 @@
-import * as fs from 'node:fs/promises';
-import { fileURLToPath } from 'node:url';
-import { ErrorCode, McpError } from './errors.js';
-import { normalizePath } from './path-utils.js';
-let allowedDirectories = [];
-export function setAllowedDirectories(dirs) {
-    const normalized = dirs.map(normalizePath).filter((d) => d.length > 0);
-    allowedDirectories = [...new Set(normalized)];
-}
-export function getAllowedDirectories() {
-    return [...allowedDirectories];
-}
-const PATH_SEPARATOR = process.platform === 'win32' ? '\\' : '/';
-function normalizeForComparison(p) {
-    return process.platform === 'win32' ? p.toLowerCase() : p;
-}
-function isPathWithinAllowedDirectories(normalizedPath) {
-    const candidate = normalizeForComparison(normalizedPath);
-    return allowedDirectories.some((allowedDir) => {
-        const allowed = normalizeForComparison(allowedDir);
-        return (candidate === allowed || candidate.startsWith(allowed + PATH_SEPARATOR));
-    });
-}
-const RESERVED_DEVICE_NAMES = new Set([
-    'CON',
-    'PRN',
-    'AUX',
-    'NUL',
-    'COM1',
-    'COM2',
-    'COM3',
-    'COM4',
-    'COM5',
-    'COM6',
-    'COM7',
-    'COM8',
-    'COM9',
-    'LPT1',
-    'LPT2',
-    'LPT3',
-    'LPT4',
-    'LPT5',
-    'LPT6',
-    'LPT7',
-    'LPT8',
-    'LPT9',
-]);
-async function validateExistingPathDetailsInternal(requestedPath) {
-    if (!requestedPath || requestedPath.trim().length === 0) {
-        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path cannot be empty or whitespace', requestedPath);
-    }
-    // Check for null bytes (path truncation attack prevention)
-    if (requestedPath.includes('\0')) {
-        throw new McpError(ErrorCode.E_INVALID_INPUT, 'Path contains null bytes', requestedPath);
-    }
-    // Check for Windows reserved device names
-    if (process.platform === 'win32') {
-        const segments = requestedPath.split(/[\\/]/);
-        for (const segment of segments) {
-            const baseName = segment.split('.')[0]?.toUpperCase();
-            if (baseName && RESERVED_DEVICE_NAMES.has(baseName)) {
-                throw new McpError(ErrorCode.E_INVALID_INPUT, `Windows reserved device name not allowed: ${baseName}`, requestedPath);
-            }
-        }
-    }
-    const normalizedRequested = normalizePath(requestedPath);
-    if (!isPathWithinAllowedDirectories(normalizedRequested)) {
-        throw new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories`, requestedPath, { normalizedPath: normalizedRequested });
-    }
-    let realPath;
-    try {
-        realPath = await fs.realpath(normalizedRequested);
-    }
-    catch (error) {
-        const nodeError = error;
-        if (nodeError.code === 'ENOENT') {
-            throw new McpError(ErrorCode.E_NOT_FOUND, `Path does not exist: ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        if (nodeError.code === 'EACCES' || nodeError.code === 'EPERM') {
-            throw new McpError(ErrorCode.E_PERMISSION_DENIED, `Permission denied accessing path: ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        if (nodeError.code === 'ELOOP') {
-            throw new McpError(ErrorCode.E_SYMLINK_NOT_ALLOWED, `Too many symbolic links in path (possible circular reference): ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        if (nodeError.code === 'ENAMETOOLONG') {
-            throw new McpError(ErrorCode.E_INVALID_INPUT, `Path name too long: ${requestedPath}`, requestedPath, { originalCode: nodeError.code }, error);
-        }
-        throw new McpError(ErrorCode.E_NOT_FOUND, `Path is not accessible: ${requestedPath}`, requestedPath, { originalCode: nodeError.code, originalMessage: nodeError.message }, error);
-    }
-    const normalizedReal = normalizePath(realPath);
-    if (!isPathWithinAllowedDirectories(normalizedReal)) {
-        const allowedDirs = getAllowedDirectories();
-        const suggestion = allowedDirs.length > 0
-            ? `Allowed directories:\n${allowedDirs.map((d) => `  - ${d}`).join('\n')}`
-            : 'No allowed directories configured. Use CLI arguments or MCP roots protocol.';
-        throw new McpError(ErrorCode.E_ACCESS_DENIED, `Access denied: Path '${requestedPath}' is outside allowed directories.\n\n${suggestion}`, requestedPath, { resolvedPath: realPath, normalizedResolvedPath: normalizedReal });
-    }
-    const isSymlink = normalizedRequested !== normalizedReal;
-    return {
-        requestedPath: normalizedRequested,
-        resolvedPath: normalizedReal,
-        isSymlink,
-    };
-}
-export async function validateExistingPathDetailed(requestedPath) {
-    return validateExistingPathDetailsInternal(requestedPath);
-}
-export async function validateExistingPath(requestedPath) {
-    const details = await validateExistingPathDetailsInternal(requestedPath);
-    return details.resolvedPath;
-}
-export async function getValidRootDirectories(roots) {
-    const validDirs = [];
-    for (const root of roots) {
-        if (!root.uri.startsWith('file://')) {
-            continue;
-        }
-        try {
-            const dirPath = fileURLToPath(root.uri);
-            const normalizedPath = normalizePath(dirPath);
-            const stats = await fs.stat(normalizedPath);
-            if (stats.isDirectory()) {
-                try {
-                    const realPath = await fs.realpath(normalizedPath);
-                    validDirs.push(normalizePath(realPath));
-                }
-                catch {
-                    // If realpath fails, use the normalized path
-                    validDirs.push(normalizedPath);
-                }
-            }
-            else {
-                console.error(`Skipping root (not a directory): ${normalizedPath}`);
-            }
-        }
-        catch {
-            continue;
-        }
-    }
-    return validDirs;
-}
+export { getAllowedDirectories, setAllowedDirectories, setAllowedDirectoriesResolved, expandAllowedDirectories, RESERVED_DEVICE_NAMES, } from './path-validation/allowed-directories.js';
+export { validateExistingPath, validateExistingPathDetailed, } from './path-validation/validators.js';
+export { getValidRootDirectories } from './path-validation/roots.js';
 //# sourceMappingURL=path-validation.js.map

package/dist/lib/path-validation.js.map

@@ -1 +1 @@
-{"version":3,"file":"path-validation.js","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAKzC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,IAAI,kBAAkB,GAAa,EAAE,CAAC;AAEtC,MAAM,UAAU,qBAAqB,CAAC,IAAc;IAClD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvE,kBAAkB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,GAAG,kBAAkB,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;AAEjE,SAAS,sBAAsB,CAAC,CAAS;IACvC,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,8BAA8B,CAAC,cAAsB;IAC5D,MAAM,SAAS,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;IACzD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE;QAC5C,MAAM,OAAO,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACnD,OAAO,CACL,SAAS,KAAK,OAAO,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC,CACxE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,KAAK,UAAU,mCAAmC,CAChD,aAAqB;IAErB,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,oCAAoC,EACpC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,0BAA0B,EAC1B,aAAa,CACd,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;YACtD,IAAI,QAAQ,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,6CAA6C,QAAQ,EAAE,EACvD,aAAa,CACd,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,mBAAmB,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;IAEzD,IAAI,CAAC,8BAA8B,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,kCAAkC,EACvE,aAAa,EACb,EAAE,cAAc,EAAE,mBAAmB,EAAE,CACxC,CAAC;IACJ,CAAC;IAED,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,KAA8B,CAAC;QACjD,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,WAAW,EACrB,wBAAwB,aAAa,EAAE,EACvC,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC9D,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,mBAAmB,EAC7B,qCAAqC,aAAa,EAAE,EACpD,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC/B,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,qBAAqB,EAC/B,kEAAkE,aAAa,EAAE,EACjF,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,uBAAuB,aAAa,EAAE,EACtC,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,EAChC,KAAK,CACN,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,WAAW,EACrB,2BAA2B,aAAa,EAAE,EAC1C,aAAa,EACb,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,CAAC,OAAO,EAAE,EACpE,KAAK,CACN,CAAC;IACJ,CAAC;IACD,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE/C,IAAI,CAAC,8BAA8B,CAAC,cAAc,CAAC,EAAE,CAAC;QACpD,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC;QAC5C,MAAM,UAAU,GACd,WAAW,CAAC,MAAM,GAAG,CAAC;YACpB,CAAC,CAAC,yBAAyB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC1E,CAAC,CAAC,6EAA6E,CAAC;QAEpF,MAAM,IAAI,QAAQ,CAChB,SAAS,CAAC,eAAe,EACzB,wBAAwB,aAAa,wCAAwC,UAAU,EAAE,EACzF,aAAa,EACb,EAAE,YAAY,EAAE,QAAQ,EAAE,sBAAsB,EAAE,cAAc,EAAE,CACnE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,mBAAmB,KAAK,cAAc,CAAC;IAEzD,OAAO;QACL,aAAa,EAAE,mBAAmB;QAClC,YAAY,EAAE,cAAc;QAC5B,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,aAAqB;IAErB,OAAO,mCAAmC,CAAC,aAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,aAAqB;IAErB,MAAM,OAAO,GAAG,MAAM,mCAAmC,CAAC,aAAa,CAAC,CAAC;IACzE,OAAO,OAAO,CAAC,YAAY,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAAa;IAEb,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YAE9C,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;oBACnD,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACP,6CAA6C;oBAC7C,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,oCAAoC,cAAc,EAAE,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
+{"version":3,"file":"path-validation.js","sourceRoot":"","sources":["../../src/lib/path-validation.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/lib/performance/monitor.d.ts

@@ -0,0 +1,25 @@
+interface OperationMetrics {
+    operation: string;
+    duration: number;
+    timestamp: number;
+}
+declare class PerformanceMonitor {
+    private observer?;
+    private metrics;
+    private readonly enabled;
+    constructor(enabled?: boolean);
+    private initObserver;
+    startOperation(name: string): void;
+    endOperation(name: string): void;
+    getMetrics(): OperationMetrics[];
+    getSummary(): Record<string, {
+        count: number;
+        avgDuration: number;
+        totalDuration: number;
+    }>;
+    clear(): void;
+    dispose(): void;
+}
+export declare const perfMonitor: PerformanceMonitor;
+export {};
+//# sourceMappingURL=monitor.d.ts.map

package/dist/lib/performance/monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"monitor.d.ts","sourceRoot":"","sources":["../../../src/lib/performance/monitor.ts"],"names":[],"mappings":"AAEA,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,cAAM,kBAAkB;IACtB,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,OAAO,CAA0B;IACzC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;gBAEtB,OAAO,UAAQ;IAO3B,OAAO,CAAC,YAAY;IAoBpB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKlC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAOhC,UAAU,IAAI,gBAAgB,EAAE;IAIhC,UAAU,IAAI,MAAM,CAClB,MAAM,EACN;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAC9D;IA6BD,KAAK,IAAI,IAAI;IAMb,OAAO,IAAI,IAAI;CAGhB;AAID,eAAO,MAAM,WAAW,oBAAoC,CAAC"}

package/dist/lib/performance/monitor.js

@@ -0,0 +1,84 @@
+import { performance, PerformanceObserver } from 'node:perf_hooks';
+class PerformanceMonitor {
+    observer;
+    metrics = [];
+    enabled;
+    constructor(enabled = false) {
+        this.enabled = enabled;
+        if (this.enabled) {
+            this.initObserver();
+        }
+    }
+    initObserver() {
+        this.observer = new PerformanceObserver((list) => {
+            for (const entry of list.getEntries()) {
+                this.metrics.push({
+                    operation: entry.name,
+                    duration: entry.duration,
+                    timestamp: entry.startTime,
+                });
+                // Log slow operations (>1s) to console
+                if (entry.duration > 1000) {
+                    console.warn(`[PERF] Slow operation: ${entry.name} took ${entry.duration.toFixed(2)}ms`);
+                }
+            }
+        });
+        this.observer.observe({ entryTypes: ['measure'] });
+    }
+    startOperation(name) {
+        if (!this.enabled)
+            return;
+        performance.mark(`${name}-start`);
+    }
+    endOperation(name) {
+        if (!this.enabled)
+            return;
+        const endMark = `${name}-end`;
+        performance.mark(endMark);
+        performance.measure(name, `${name}-start`, endMark);
+    }
+    getMetrics() {
+        return [...this.metrics];
+    }
+    getSummary() {
+        const summary = {};
+        for (const metric of this.metrics) {
+            summary[metric.operation] ??= {
+                count: 0,
+                avgDuration: 0,
+                totalDuration: 0,
+            };
+            const entry = summary[metric.operation];
+            if (entry) {
+                entry.count++;
+                entry.totalDuration += metric.duration;
+            }
+        }
+        for (const op of Object.keys(summary)) {
+            const stats = summary[op];
+            if (stats) {
+                stats.avgDuration = stats.totalDuration / stats.count;
+            }
+        }
+        return summary;
+    }
+    clear() {
+        this.metrics = [];
+        performance.clearMarks();
+        performance.clearMeasures();
+    }
+    dispose() {
+        this.observer?.disconnect();
+    }
+}
+// Enable via environment variable
+const isEnabled = process.env.ENABLE_PERF_MONITORING === 'true';
+export const perfMonitor = new PerformanceMonitor(isEnabled);
+// Cleanup on process exit
+process.on('beforeExit', () => {
+    if (isEnabled) {
+        console.error('[PERF] Summary:', perfMonitor.getSummary());
+    }
+    perfMonitor.dispose();
+});
+//# sourceMappingURL=monitor.js.map

package/dist/lib/performance/monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"monitor.js","sourceRoot":"","sources":["../../../src/lib/performance/monitor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAQnE,MAAM,kBAAkB;IACd,QAAQ,CAAuB;IAC/B,OAAO,GAAuB,EAAE,CAAC;IACxB,OAAO,CAAU;IAElC,YAAY,OAAO,GAAG,KAAK;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,IAAI,CAAC,QAAQ,GAAG,IAAI,mBAAmB,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;gBACtC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBAChB,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,SAAS,EAAE,KAAK,CAAC,SAAS;iBAC3B,CAAC,CAAC;gBAEH,uCAAuC;gBACvC,IAAI,KAAK,CAAC,QAAQ,GAAG,IAAI,EAAE,CAAC;oBAC1B,OAAO,CAAC,IAAI,CACV,0BAA0B,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAC3E,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,cAAc,CAAC,IAAY;QACzB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAC1B,WAAW,CAAC,IAAI,CAAC,GAAG,IAAI,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,YAAY,CAAC,IAAY;QACvB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAC1B,MAAM,OAAO,GAAG,GAAG,IAAI,MAAM,CAAC;QAC9B,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1B,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,IAAI,QAAQ,EAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,UAAU;QACR,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,UAAU;QAIR,MAAM,OAAO,GAGT,EAAE,CAAC;QAEP,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK;gBAC5B,KAAK,EAAE,CAAC;gBACR,WAAW,EAAE,CAAC;gBACd,aAAa,EAAE,CAAC;aACjB,CAAC;YACF,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxC,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,CAAC,KAAK,EAAE,CAAC;gBACd,KAAK,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC;YACzC,CAAC;QACH,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;YAC1B,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,CAAC,WAAW,GAAG,KAAK,CAAC,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC;YACxD,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,WAAW,CAAC,UAAU,EAAE,CAAC;QACzB,WAAW,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC;IAED,OAAO;QACL,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC;IAC9B,CAAC;CACF;AAED,kCAAkC;AAClC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM,CAAC;AAChE,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,SAAS,CAAC,CAAC;AAE7D,0BAA0B;AAC1B,OAAO,CAAC,EAAE,CAAC,YAAY,EAAE,GAAG,EAAE;IAC5B,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,WAAW,CAAC,OAAO,EAAE,CAAC;AACxB,CAAC,CAAC,CAAC"}

package/dist/schemas/input-helpers.d.ts

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+export declare function isSafeGlobPattern(value: string): boolean;
+export declare const EncodingSchema: z.ZodDefault<z.ZodOptional<z.ZodEnum<["utf-8", "utf8", "ascii", "base64", "hex", "latin1"]>>>;
+export declare const ReadFileMaxSizeSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const ReadMultipleFilesMaxSizeSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const ExcludePatternsSchema: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>>;
+export declare const BasicExcludePatternsSchema: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+export declare const MaxDepthSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const MaxResultsSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const MaxFilesScannedSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const TimeoutMsSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const TopNSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const TreeMaxDepthSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const IncludeHiddenSchema: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+export declare const SortByFileSchema: z.ZodDefault<z.ZodOptional<z.ZodEnum<["name", "size", "modified", "path"]>>>;
+export declare const SortByDirectorySchema: z.ZodDefault<z.ZodOptional<z.ZodEnum<["name", "size", "modified", "type"]>>>;
+export declare const MaxEntriesSchema: z.ZodOptional<z.ZodNumber>;
+export declare const CaseSensitiveSchema: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+export declare const SkipBinarySchema: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+export declare const BaseNameMatchSchema: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+export declare const MaxFileSizeSearchSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const ContextLinesSchema: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+export declare const HeadLinesSchema: z.ZodOptional<z.ZodNumber>;
+export declare const TailLinesSchema: z.ZodOptional<z.ZodNumber>;
+export declare const LineStartSchema: z.ZodOptional<z.ZodNumber>;
+export declare const LineEndSchema: z.ZodOptional<z.ZodNumber>;
+//# sourceMappingURL=input-helpers.d.ts.map