Validate that repo_path arguments in tool calls are within the
configured --repository path when the --repository flag is set.
The fix:
- Adds validate_repo_path() that resolves paths and checks
containment using Path.relative_to()
- Resolves symlinks before comparison
- Maintains backward compatibility when --repository is not set
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Paul Carleton <paulc@anthropic.com>
Add validation to reject arguments starting with '-' and verify
arguments resolve to valid git refs via rev_parse before passing
to git CLI commands. This prevents flag-like values from being
interpreted as command-line options (e.g., --output=/path/to/file).
CWE-88: Improper Neutralization of Argument Delimiters in a Command
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
* In server/roots.ts
- in syncRoots, if roots are supported fetch them
* In get-roots-list.ts,
- Don't import and inspect current roots map, just call syncRoots to get the list.
* In how-it-works.md,
- added a section on conditional tool registration
* In server/index.ts
- import registerConditionalTools
- in an oninitialized handler for the server, call registerConditionalTools
- removed clientConnected from ServerFactoryResponse and all mentions in docs
* In tools/index.ts
- export a registerConditionalTools function
- refactor/move calls to registerGetRootsListTool, registerTriggerElicitationRequestTool, and registerTriggerSamplingRequestTool out of registerTools and into registerConditionalTools
* In server/roots.ts
- only act if client supports roots
- remove setInterval from call to requestRoots. It isn't happening during the initialze handshake anymore, so it doesn't interfere with that process if called immediaately
* In get-roots-list.ts, trigger-elicitation-request.ts, and trigger-sampling-request.ts,
- only register tool if client supports capability
* Throughout the rest of the files, removing all references to `clientConnected`
* In get-roots-list.ts, query the server's cache of the latest roots from the client and only request the list from the client if it doesn't exist.
* In roots.ts, export the roots map
* In get-roots-list.ts, query the server's cache of the latest roots from the client and only request the list from the client if it doesn't exist.
* In roots.ts, export the roots map
Finalized Roots list changed handling and initial request. Final fit and finish work.
* Updated architecture.md
- Added links to other docs
- Refactor/extracted sections into extension.md, features.md, how-it-works.md, startup.md, and structure.md
* Removed everything.ts
- all features are ported
* In roots.ts
- refactor/renaned setRootsListChangedHandler to syncRoots
- refactor handler logic to requestRoots function
- Calls for roots list directly to get initial list
* In server/index.ts
- import setRootsListChangedHandler
- in clientConnected callback
- call setRootsListChangedHandler passing server and sessionId
* In sse.ts, stdio.ts, and streamableHttp.ts
- update inline and function docs
* In index.ts,
- updated usage output
* In server/index.ts
- refactor/extracted readInstructions to resources/index.ts
- defined ServerFactoryResponse response type
Adding Trigger Elicitation Request and Get Roots List tools
* Updated architecture.md
* Added roots.ts
- tracks roots by sessionId
- setRootsListChangedHandler
- listens for roots changed notification from the client
- updates the roots map by sessionId
- sends log notification or error to the client
* In server/index.ts
- import setRootsListChangedHandler
- in clientConnected callback
- call setRootsListChangedHandler passing server and sessionId
* In sse.ts, stdio.ts, and streamableHttp.ts
- receive clientConnected from server factory
- call clientConnected when server is connected to transport
* Added get-roots-list.ts
- registerGetRootsListTool
- Registers the 'get-roots-list' tool with the given MCP server.
* Added trigger-elicitation-request.ts
- registerTriggerElicitationRequestTool
- registered tool sends an elicitation request that exercises all supported field types
* In tools/index.ts
- imports registerTriggerElicitationRequestTool and registerGetRootsListTool
- in registerTools
- call registerTriggerElicitationRequestTool and registerGetRootsListTool, passing server
Adding Trigger Elicitation Request and Get Roots List tools
* Updated architecture.md
* Added roots.ts
- tracks roots by sessionId
- setRootsListChangedHandler
- listens for roots changed notification from the client
- updates the roots map by sessionId
- sends log notification or error to the client
* In server/index.ts
- import setRootsListChangedHandler
- in clientConnected callback
- call setRootsListChangedHandler passing server and sessionId
* In sse.ts, stdio.ts, and streamableHttp.ts
- receive clientConnected from server factory
- call clientConnected when server is connected to transport
* Added get-roots-list.ts
- registerGetRootsListTool
- Registers the 'get-roots-list' tool with the given MCP server.
* Added trigger-elicitation-request.ts
- registerTriggerElicitationRequestTool
- registered tool sends an elicitation request that exercises all supported field types
* In tools/index.ts
- imports registerTriggerElicitationRequestTool and registerGetRootsListTool
- in registerTools
- call registerTriggerElicitationRequestTool and registerGetRootsListTool, passing server
