Resolution of the launch root.
The launch root is the directory shell-mcp pins every executed command
into. v0.1.0 derived it from the process working directory, which broke
under Claude Desktop: Desktop launches MCP servers from an undefined
cwd (often / on macOS), so the safety boundary collapsed to the whole
filesystem.
v0.1.1 takes the root from three sources, in this precedence order:
- `--root <PATH>` CLI flag
- `SHELL_MCP_ROOT` environment variable
- The process’s launch cwd (legacy behaviour, kept as a fallback for direct shell invocations).
Whichever source wins, the path must already be absolute, must
exist, and must be a directory. We then canonicalize so symlinks are
resolved up front (otherwise the lexical containment check in
crate::safety::resolve_cwd would compare against an unresolved
prefix, and a request for the symlink target would falsely appear to escape).
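The precedence and validation rules above, as an added sketch that is not shell-mcp's own code. The type shapes, the error variants, the `resolve_root_sketch` and `contained` names, and the choice to reject an invalid winner rather than fall through are assumptions; the page only names the real items.

```rust
use std::path::{Path, PathBuf};

// Assumed shapes: the page names RootSource, RootError and resolve_root but
// does not show their definitions, so everything below is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Source { Flag, Env, Cwd }

#[derive(Debug, PartialEq)]
pub enum Error { NoCandidate, NotAbsolute(PathBuf), NotADirectory(PathBuf), Io(PathBuf) }

/// Pure: flag, env value and cwd are passed in, nothing is read from the process.
pub fn resolve_root_sketch(
    flag: Option<&Path>,
    env: Option<&Path>,
    cwd: Option<&Path>,
) -> Result<(PathBuf, Source), Error> {
    // Precedence: --root, then SHELL_MCP_ROOT, then the launch cwd.
    let (raw, source) = flag.map(|p| (p, Source::Flag))
        .or_else(|| env.map(|p| (p, Source::Env)))
        .or_else(|| cwd.map(|p| (p, Source::Cwd)))
        .ok_or(Error::NoCandidate)?;
    // Assumption: an invalid winner is an error, not a fall-through to the next source.
    if !raw.is_absolute() {
        return Err(Error::NotAbsolute(raw.to_path_buf()));
    }
    // is_dir() is false for a missing path, so this covers "exists" too.
    if !raw.is_dir() {
        return Err(Error::NotADirectory(raw.to_path_buf()));
    }
    // Resolve symlinks once so later containment checks compare real paths.
    let root = raw.canonicalize().map_err(|_| Error::Io(raw.to_path_buf()))?;
    Ok((root, source))
}

/// Lexical prefix test standing in for the containment check the page places in
/// crate::safety::resolve_cwd (that function's real logic is not on the page).
pub fn contained(root: &Path, requested: &Path) -> bool {
    requested.starts_with(root)
}

fn main() {
    let env = std::env::var_os("SHELL_MCP_ROOT").map(PathBuf::from);
    let cwd = std::env::current_dir().ok();
    let resolved = resolve_root_sketch(None, env.as_deref(), cwd.as_deref());
    println!("{:?}", resolved);
    if let Ok((root, _)) = &resolved { println!("{}", contained(root, root)); }
}
```

With a root given as a symlink, a canonicalized request path under the symlink's target fails `contained` against the raw symlink path and passes against the canonicalized root, which is the failure the canonicalization step prevents.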
Structs§
- ResolvedRoot - The chosen root plus the source it came from.
Enums§
- RootError
- RootSource - Where the resolved root came from. Surfaced in logs so the operator can tell which input was honoured.
Functions§
- resolve_root - Pure resolution function so unit tests can drive every case without touching the process environment.