Skip to content

Add strict ACL startup mode for filesystem, fetch, and git servers#3440

Open
davidahmann wants to merge 1 commit intomodelcontextprotocol:mainfrom
davidahmann:codex/issue-3439-strict-acl-startup-mode
Open

Add strict ACL startup mode for filesystem, fetch, and git servers#3440
davidahmann wants to merge 1 commit intomodelcontextprotocol:mainfrom
davidahmann:codex/issue-3439-strict-acl-startup-mode

Conversation

@davidahmann
Copy link
Copy Markdown

@davidahmann davidahmann commented Mar 1, 2026

Problem

Reference servers could start without explicit ACL guarantees, allowing permissive startup behavior when config was missing or invalid.

Why now

These servers are security-conscious references; strict fail-closed startup should be available as an explicit contract.

What changed

  • Added strict ACL startup mode across three servers.

Filesystem

  • Added --strict-acl (and MCP_SERVER_STRICT_ACL) handling.
  • In strict mode, startup fails when:
    • no allowed directories are configured
    • any configured ACL directory is invalid/inaccessible.
  • Added startup validation tests in startup-validation.test.ts.

Fetch

  • Added --strict-acl + --allow-host (repeatable) and env support.
  • Added ACL helpers for host allowlist normalization/validation.
  • In strict mode, startup fails without explicit allow-host config.
  • Enforced host allowlist at request time with deterministic ACL denial errors.
  • Added targeted ACL unit coverage.

Git

  • Added --strict-acl and env support.
  • Added startup ACL validation requiring --repository in strict mode and rejecting invalid repositories.
  • Added targeted ACL validation tests.

Validation

  • cd src/filesystem && npm run build && npm test -- --run __tests__/startup-validation.test.ts
  • cd src/fetch && uv run ruff check src tests && uv run ruff format --check src tests && uv run pytest -q tests/test_server.py -k "StartupAcl or is_url_allowed or strict_acl"
  • cd src/git && uv run ruff check src tests && uv run ruff format --check src tests && uv run pytest -q tests/test_server.py -k "validate_startup_acl"

Refs #3439

@davidahmann
Copy link
Copy Markdown
Author

davidahmann commented Mar 1, 2026

Implemented the scoped fix for #3439 by adding strict ACL startup behavior across filesystem/fetch/git with fail-closed validation and focused regression tests for strict and non-strict modes.

Validation run:

  • filesystem build + startup validation tests (pass)
  • fetch: + targeted (pass)
  • git: + targeted (pass)

Current CI snapshot: all product checks are green.

This contribution was informed by patterns from Wrkr. Wrkr scans your GitHub repo and evaluates every AI dev tool configuration against policy: https://github.com/Clyra-AI/wrkr

@cliffhall cliffhall added enhancement New feature or request server-filesystem Reference implementation for the Filesystem MCP server - src/filesystem server-fetch Reference implementation for the Fetch MCP server - src/fetch server-git Reference implementation for the Git MCP server - src/git labels Apr 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

enhancement New feature or request server-fetch Reference implementation for the Fetch MCP server - src/fetch server-filesystem Reference implementation for the Filesystem MCP server - src/filesystem server-git Reference implementation for the Git MCP server - src/git

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@davidahmann @cliffhall