contextfs

The server uses `zod` for input validation on MCP tool calls, which is a strong positive for security. The `contextfs_import_claude` tool parses `.jsonl` files from the user's local `~/.claude/projects/` directory using `JSON.parse`. While `JSON.parse` is generally safe, processing external, potentially untrusted JSON data from local files is always a minor point of attention, though limited in scope as it's not directly exposed to network input for arbitrary file content. There are no obvious hardcoded secrets, `eval` usage, or direct remote code execution vectors identified.