(filePath?: string)
| 205 | } |
| 206 | |
| 207 | async validatePath(filePath?: string): Promise<void> { |
| 208 | if (filePath === undefined) { |
| 209 | return; |
| 210 | } |
| 211 | const roots = this.roots(); |
| 212 | if (roots === undefined) { |
| 213 | return; |
| 214 | } |
| 215 | |
| 216 | let canonicalPath: string; |
| 217 | |
| 218 | try { |
| 219 | canonicalPath = await resolveCanonicalPath(filePath); |
| 220 | } catch (err) { |
| 221 | const errMsg = err instanceof Error ? err.message : String(err); |
| 222 | console.error( |
| 223 | `[MCP Context] Error resolving real path for ${filePath}: ${errMsg}`, |
| 224 | ); |
| 225 | throw new Error( |
| 226 | `Access denied: Cannot resolve base path for ${filePath}.`, |
| 227 | ); |
| 228 | } |
| 229 | |
| 230 | let allowed = false; |
| 231 | for (const root of roots) { |
| 232 | try { |
| 233 | const rootPathUri = root.uri; |
| 234 | const rootPath = path.resolve(fileURLToPath(rootPathUri)); |
| 235 | const canonicalRoot = await fsPromises.realpath(rootPath); |
| 236 | |
| 237 | if ( |
| 238 | canonicalPath === canonicalRoot || |
| 239 | canonicalPath.startsWith(canonicalRoot + path.sep) |
| 240 | ) { |
| 241 | allowed = true; |
| 242 | break; |
| 243 | } |
| 244 | } catch (rootErr) { |
| 245 | const errMsg = |
| 246 | rootErr instanceof Error ? rootErr.message : String(rootErr); |
| 247 | console.warn( |
| 248 | `[MCP Context] Could not resolve configured root ${root.uri}: ${errMsg}`, |
| 249 | ); |
| 250 | // Skip this root if it cannot be resolved. |
| 251 | } |
| 252 | } |
| 253 | |
| 254 | if (!allowed) { |
| 255 | throw new Error( |
| 256 | `Access denied: path ${filePath} (canonical: ${canonicalPath}) is not within any of the configured workspace roots.`, |
| 257 | ); |
| 258 | } |
| 259 | } |
| 260 | |
| 261 | resolveCdpRequestId(page: McpPage, cdpRequestId: string): number | undefined { |
| 262 | if (!cdpRequestId) { |
no test coverage detected