fix: always allow tmpdir access in client roots

OrKoN · OrKoN · commit 16a6881088c9 · 2026-04-30T09:06:28.000+02:00
diff --git a/src/McpContext.ts b/src/McpContext.ts
@@ -5,8 +5,9 @@
  */
 
 import fs from 'node:fs/promises';
+import os from 'node:os';
 import path from 'node:path';
-import {fileURLToPath} from 'node:url';
+import {fileURLToPath, pathToFileURL} from 'node:url';
 
 import type {TargetUniverse} from './DevtoolsUtils.js';
 import {UniverseManager} from './DevtoolsUtils.js';
@@ -158,7 +159,16 @@ export class McpContext implements Context {
   }
 
   roots(): Root[] | undefined {
-    return this.#roots;
+    if (this.#roots === undefined) {
+      return undefined;
+    }
+    return [
+      ...this.#roots,
+      {
+        uri: pathToFileURL(os.tmpdir()).href,
+        name: 'temp',
+      },
+    ];
   }
 
   setRoots(roots: Root[] | undefined): void {
diff --git a/tests/McpContext.test.ts b/tests/McpContext.test.ts
@@ -220,7 +220,15 @@ describe('McpContext', () => {
     await withMcpContext(async (_response, context) => {
       const roots = [{uri: 'file:///test', name: 'test'}];
       context.setRoots(roots);
-      assert.deepEqual(context.roots(), roots);
+      const actualRoots = context.roots();
+      assert.ok(
+        actualRoots?.some(r => r.name === 'test'),
+        'Should contain the set root',
+      );
+      assert.ok(
+        actualRoots?.some(r => r.name === 'temp'),
+        'Should contain the temp root',
+      );
     });
   });
 
diff --git a/tests/roots.test.ts b/tests/roots.test.ts
@@ -0,0 +1,50 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import assert from 'node:assert';
+import os from 'node:os';
+import path from 'node:path';
+import {describe, it} from 'node:test';
+import {pathToFileURL} from 'node:url';
+
+import {withMcpContext} from './utils.js';
+
+describe('McpContext Roots', () => {
+  it('should allow access to os.tmpdir() even if roots are empty', async () => {
+    await withMcpContext(async (_response, context) => {
+      context.setRoots([]);
+      const tmpPath = path.join(os.tmpdir(), 'test-file.txt');
+      // This should not throw
+      context.validatePath(tmpPath);
+    });
+  });
+
+  it('should allow access to os.tmpdir() when other roots are set', async () => {
+    await withMcpContext(async (_response, context) => {
+      const otherRoot = path.resolve(
+        os.tmpdir(),
+        '..',
+        'other_workspace_root_for_test',
+      );
+      context.setRoots([{uri: pathToFileURL(otherRoot).href, name: 'other'}]);
+
+      const tmpPath = path.join(os.tmpdir(), 'test-file.txt');
+      // This should not throw
+      context.validatePath(tmpPath);
+
+      // Other root should also be allowed
+      context.validatePath(path.join(otherRoot, 'file.txt'));
+
+      // Outside should still be denied. Use a path that is definitely not a root or temp dir.
+      // We use a sibling directory to the temp dir or home dir.
+      const outsidePath = path.resolve(
+        os.homedir(),
+        'a_very_unlikely_path_name_12345',
+      );
+      assert.throws(() => context.validatePath(outsidePath), /Access denied/);
+    });
+  });
+});
