FS Context MCP Server

Overview Schema Related Servers Score Discussions

path-policy.ts•2.85 KiB

import * as path from 'node:path'; import { platform } from 'node:os'; import { SENSITIVE_FILE_ALLOWLIST, SENSITIVE_FILE_DENYLIST, } from './constants.js'; import { ErrorCode, McpError } from './errors.js'; interface CompiledPattern { raw: string; regex: RegExp; matchesPath: boolean; } function escapeRegex(value: string): string { return value.replace(/[.+?^${}()|[\]\\]/g, '\\$&'); } function normalizePathForMatch(input: string): string { return path.normalize(input).replace(/\\/gu, '/'); } function compilePatterns(patterns: readonly string[]): CompiledPattern[] { const unique = new Set( patterns .map((pattern) => pattern.trim()) .filter((pattern) => pattern.length > 0) ); const flags = platform() === 'win32' ? 'i' : ''; return [...unique].map((pattern) => { const normalized = normalizePathForMatch(pattern); const matchesPath = normalized.includes('/'); const escaped = escapeRegex(normalized).replace(/\*/gu, '.*'); const source = matchesPath ? escaped : `^${escaped}$`; return { raw: normalized, regex: new RegExp(source, flags), matchesPath, }; }); } const DENY_PATTERNS = compilePatterns(SENSITIVE_FILE_DENYLIST); const ALLOW_PATTERNS = compilePatterns(SENSITIVE_FILE_ALLOWLIST); function matchesAny( patterns: readonly CompiledPattern[], pathCandidates: readonly string[], nameCandidates: readonly string[] ): boolean { for (const pattern of patterns) { const candidates = pattern.matchesPath ? pathCandidates : nameCandidates; for (const candidate of candidates) { if (pattern.regex.test(candidate)) return true; } } return false; } export function isSensitivePath( requestedPath: string, resolvedPath?: string ): boolean { if (DENY_PATTERNS.length === 0) return false; const normalizedRequested = normalizePathForMatch(requestedPath); const normalizedResolved = resolvedPath ? normalizePathForMatch(resolvedPath) : undefined; const pathCandidates = [ normalizedRequested, ...(normalizedResolved && normalizedResolved !== normalizedRequested ? [normalizedResolved] : []), ]; const nameCandidates = [ path.basename(normalizedRequested), ...(normalizedResolved && normalizedResolved !== normalizedRequested ? [path.basename(normalizedResolved)] : []), ]; if (matchesAny(ALLOW_PATTERNS, pathCandidates, nameCandidates)) { return false; } return matchesAny(DENY_PATTERNS, pathCandidates, nameCandidates); } export function assertAllowedFileAccess( requestedPath: string, resolvedPath?: string ): void { if (!isSensitivePath(requestedPath, resolvedPath)) return; throw new McpError( ErrorCode.E_ACCESS_DENIED, `Access denied: sensitive file blocked by policy (${requestedPath}). ` + 'Set FS_CONTEXT_ALLOW_SENSITIVE=1 or use FS_CONTEXT_ALLOWLIST to override.', requestedPath ); }

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/j0hanz/fs-context-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

path-policy.ts•2.85 KiB