diff --git a/src/filesystem/README.md b/src/filesystem/README.md index b9286511..d7e1fdc9 100644 --- a/src/filesystem/README.md +++ b/src/filesystem/README.md @@ -122,6 +122,7 @@ Note: you can provide sandboxed directories to the server by mounting them to `/ "--mount", "type=bind,src=/Users/username/Desktop,dst=/projects/Desktop", "--mount", "type=bind,src=/path/to/other/allowed/dir,dst=/projects/other/allowed/dir,ro", "--mount", "type=bind,src=/path/to/file.txt,dst=/projects/path/to/file.txt", + "--env", "DOCKER_ROOT_WORKSPACE=/projects", "ai/mcp-filesystem" ] } diff --git a/src/filesystem/index.ts b/src/filesystem/index.ts index b4d5c419..e67887e7 100644 --- a/src/filesystem/index.ts +++ b/src/filesystem/index.ts @@ -17,9 +17,20 @@ import { minimatch } from 'minimatch'; // Command line argument parsing const args = process.argv.slice(2); -if (args.length === 0) { - console.error("Usage: mcp-server-filesystem [additional-directories...]"); - process.exit(1); + +let allowedDirectories: string[] = []; + +if (process.env.DOCKER_ROOT_WORKSPACE) { + allowedDirectories = await fs.readdir(process.env.DOCKER_ROOT_WORKSPACE); +} +else { + if (args.length === 0) { + console.error("Usage: mcp-server-filesystem [additional-directories...]"); + process.exit(1); + } + allowedDirectories = args.map(dir => + normalizePath(path.resolve(expandHome(dir))) + ); } // Normalize all paths consistently @@ -35,12 +46,9 @@ function expandHome(filepath: string): string { } // Store allowed directories in normalized form -const allowedDirectories = args.map(dir => - normalizePath(path.resolve(expandHome(dir))) -); // Validate that all directories exist and are accessible -await Promise.all(args.map(async (dir) => { +await Promise.all(allowedDirectories.map(async (dir) => { try { const stats = await fs.stat(dir); if (!stats.isDirectory()) { @@ -644,4 +652,4 @@ async function runServer() { runServer().catch((error) => { console.error("Fatal error running server:", error); process.exit(1); -}); +}); \ No newline at end of file