runtime-guard

Official

by runtimeguard

Overview Schema Related Servers Score Discussions

Python

Local

list_directory

List directory entries with metadata, respecting path and depth constraints to prevent unauthorized access.

Instructions

List directory entries with metadata, honoring path and depth policy.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`path`	Yes
`ctx`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

src/tools/file_tools.py:287-344 (handler)

Main handler function for the 'list_directory' tool. Resolves path relative to WORKSPACE_ROOT, checks path policy, validates directory existence, enforces max_directory_depth policy, then lists entries with metadata (name, type, size, modified time).

def list_directory(path: str, ctx: Context | None = None) -> str:
    """List directory entries with metadata, honoring path and depth policy."""
    context_tokens = activate_runtime_context(ctx)
    path = str(pathlib.Path(WORKSPACE_ROOT) / path) if not os.path.isabs(path) else path

    try:
        refresh_policy_if_changed()
        path_check = check_path_policy(path, tool="list_directory")
        if path_check:
            result = PolicyResult(allowed=False, reason=path_check[0], decision_tier="blocked", matched_rule=path_check[1])
        else:
            result = PolicyResult(allowed=True, reason="allowed", decision_tier="allowed", matched_rule=None)

        if result.allowed:
            if not os.path.exists(path):
                append_log_entry(build_log_entry("list_directory", result, path=path, error="path not found"))
                return f"Error: path not found: {path}"

            if not os.path.isdir(path):
                append_log_entry(build_log_entry("list_directory", result, path=path, error="not a directory"))
                return f"Error: '{path}' is a file, not a directory"

            depth = relative_depth(path)
            max_depth = POLICY.get("allowed", {}).get("max_directory_depth", 5)
            if depth > max_depth:
                result = PolicyResult(
                    allowed=False,
                    reason=f"Directory depth {depth} exceeds the policy limit of {max_depth} (allowed.max_directory_depth): '{path}'",
                    decision_tier="blocked",
                    matched_rule="allowed.max_directory_depth",
                )

        append_log_entry(build_log_entry("list_directory", result, path=path))
        if not result.allowed:
            return f"[POLICY BLOCK] {result.reason}"

        lines = [f"Contents of {path}:"]
        try:
            entries = sorted(os.scandir(path), key=lambda e: (e.is_file(), e.name))
        except OSError as e:
            return f"Error reading directory: {e}"

        for entry in entries:
            try:
                stat = entry.stat(follow_symlinks=False)
                mtime = datetime.datetime.fromtimestamp(stat.st_mtime, datetime.UTC).isoformat().replace("+00:00", "Z")
                kind = "file" if entry.is_file(follow_symlinks=False) else "directory"
                size = f"{stat.st_size} bytes" if kind == "file" else "-"
                lines.append(f"  {entry.name}  [{kind}]  size={size}  modified={mtime}")
            except OSError:
                lines.append(f"  {entry.name}  [unreadable]")

        if len(lines) == 1:
            lines.append("  (empty)")

        return "\n".join(lines)
    finally:
        reset_runtime_context(context_tokens)

src/server.py:10-10 (registration)
Import of list_directory from tools module.
```
list_directory,
```
src/server.py:29-31 (registration)
Registration of list_directory as an MCP tool via mcp.tool()(list_directory).
```
    list_directory,
]:
    mcp.tool()(tool)
```

src/tools/__init__.py:2-2 (helper)

Re-export of list_directory from file_tools module.

from .file_tools import delete_file, edit_file, list_directory, read_file, write_file

src/mcp_config_manager.py:38-38 (helper)
list_directory included in the list of tool names used for MCP configuration management.
```
"list_directory",
```

Tool Definition Quality

B3.2/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must fully disclose behavior. It fails to mention that the operation is read-only, what happens with invalid paths, or any permission requirements. The phrase 'honoring path and depth policy' is vague.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, concise sentence that front-loads the action and resource. Every word is necessary and there is no redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

While the tool has an output schema (so return values are covered), the description omits important context such as whether listing is recursive, the default depth, and how the 'depth policy' is determined. For a simple tool, it is minimally adequate but not fully informative.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description should add meaning. It mentions 'path and depth policy' but does not explain the 'ctx' parameter or the expected format of 'path'. It adds minimal value beyond the schema's property names.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('list') and the resource ('directory entries with metadata'), and it distinguishes from sibling tools like read_file and write_file by focusing on listing metadata rather than file content.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance on when to use this tool versus alternatives such as read_file or search. The description mentions 'honoring path and depth policy' but does not explain what that entails or when it applies.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/runtimeguard/runtime-guard'

If you have feedback or need assistance with the MCP directory API, please join our Discord server