Windows CLI MCP Server

pathSecurity.ts•1.38 kB

import path from 'path'; import { normalizeLocalPath } from './wslPaths.js'; /** * Validate that a path is within allowed paths * Handles both Windows and WSL paths */ export async function validatePathAllowed( targetPath: string, allowedPaths: string[], restrictWorkingDirectory: boolean ): Promise<{ allowed: boolean; error?: string }> { if (!restrictWorkingDirectory) { return { allowed: true }; } const resolvedTarget = path.resolve(targetPath); for (const allowedPath of allowedPaths) { try { // Normalize allowedPath (handles WSL paths in config) const normalizedAllowed = await normalizeLocalPath(allowedPath); const resolvedAllowed = path.resolve(normalizedAllowed); // Check with path separator boundary to prevent prefix attacks if (resolvedTarget === resolvedAllowed || resolvedTarget.startsWith(resolvedAllowed + path.sep)) { return { allowed: true }; } } catch { // If normalization fails, try direct comparison (Windows paths) const resolvedAllowed = path.resolve(allowedPath); if (resolvedTarget === resolvedAllowed || resolvedTarget.startsWith(resolvedAllowed + path.sep)) { return { allowed: true }; } } } return { allowed: false, error: `Path not allowed: ${targetPath}. Configure allowedPaths in config.json.` }; }

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/quanticsoul4772/mcp-server-win-cli'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

pathSecurity.ts•1.38 kB