mcp_server

Verified Safe

by ShayYeffet

Overview

A secure, sandboxed server enabling LLMs to interact with a filesystem and execute allowed commands within a designated workspace for project management and development tasks.

Installation

Run Command
node dist/index.js

Environment Variables

  • MCP_WORKSPACE_ROOT
  • MCP_ALLOWED_COMMANDS
  • MCP_READ_ONLY
  • MCP_LOG_LEVEL
  • MCP_COMMAND_TIMEOUT

Security Notes

The project prioritizes security. All file operations are sandboxed via `resolveSafePath`, which handles `.` and `..` traversals, absolute paths, and symbolic link resolution to prevent workspace escapes. Command execution (`runCommand`) uses `child_process.spawn` with `shell: false` and arguments passed as arrays, mitigating command injection. Commands are controlled via a configurable allowlist (`MCP_ALLOWED_COMMANDS`), so only explicitly permitted binaries can run. An optional read-only mode prevents all write, delete, and creation operations. Atomic file writes (`writeFileAtomic`) prevent partial file corruption. Error handling is structured to avoid exposing sensitive system details, and configuration is managed through environment variables without hardcoded secrets. The server uses `stdio` for communication, limiting its direct network exposure.

Stats

  • Interest Score: 0
  • Security Score: 10
  • Cost Class: Medium
  • Avg Tokens: 3000
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-12-06

Tags

LLM, Workspace, Filesystem, Sandbox, Security, Node.js, TypeScript