Desktop Commander MCP

Instructions

Implementation Reference

• src/tools/filesystem.ts:90-93 (handler)

  The core handler function that performs the directory creation after path validation. Uses fs.mkdir with recursive option to create nested directories.

  export async function createDirectory(dirPath: string): Promise<void> {
      const validPath = await validatePath(dirPath);
      await fs.mkdir(validPath, { recursive: true });
  }

• src/tools/schemas.ts:45-47 (schema)

  Zod schema defining the input arguments for the create_directory tool: a single 'path' string.

  export const CreateDirectoryArgsSchema = z.object({
    path: z.string(),
  });

• src/server.ts:149-155 (registration)

  Tool registration in the listTools handler, specifying name, description, and input schema.

  {
    name: "create_directory",
    description:
      "Create a new directory or ensure a directory exists. Can create multiple " +
      "nested directories in one operation. Only works within allowed directories.",
    inputSchema: zodToJsonSchema(CreateDirectoryArgsSchema),
  },

• src/server.ts:287-293 (registration)

  Dispatch handler in CallToolRequest that parses args, calls the createDirectory function, and formats the response.

  case "create_directory": {
    const parsed = CreateDirectoryArgsSchema.parse(args);
    await createDirectory(parsed.path);
    return {
      content: [{ type: "text", text: `Successfully created directory ${parsed.path}` }],
    };
  }

• src/tools/filesystem.ts:24-62 (helper)

  Security helper function used by createDirectory to validate and resolve the path, ensuring it's within allowed directories and handling symlinks.

  export async function validatePath(requestedPath: string): Promise<string> {
      const expandedPath = expandHome(requestedPath);
      const absolute = path.isAbsolute(expandedPath)
          ? path.resolve(expandedPath)
          : path.resolve(process.cwd(), expandedPath);
          
      const normalizedRequested = normalizePath(absolute);
  
      // Check if path is within allowed directories
      const isAllowed = allowedDirectories.some(dir => normalizedRequested.startsWith(normalizePath(dir)));
      if (!isAllowed) {
          throw new Error(`Access denied - path outside allowed directories: ${absolute}`);
      }
  
      // Handle symlinks by checking their real path
      try {
          const realPath = await fs.realpath(absolute);
          const normalizedReal = normalizePath(realPath);
          const isRealPathAllowed = allowedDirectories.some(dir => normalizedReal.startsWith(normalizePath(dir)));
          if (!isRealPathAllowed) {
              throw new Error("Access denied - symlink target outside allowed directories");
          }
          return realPath;
      } catch (error) {
          // For new files that don't exist yet, verify parent directory
          const parentDir = path.dirname(absolute);
          try {
              const realParentPath = await fs.realpath(parentDir);
              const normalizedParent = normalizePath(realParentPath);
              const isParentAllowed = allowedDirectories.some(dir => normalizedParent.startsWith(normalizePath(dir)));
              if (!isParentAllowed) {
                  throw new Error("Access denied - parent directory outside allowed directories");
              }
              return absolute;
          } catch {
              throw new Error(`Parent directory does not exist: ${parentDir}`);
          }
      }
  }