Documentation / @agentick/mcp / pathTraversalSanitizer
Function: pathTraversalSanitizer()
pathTraversalSanitizer(options?): InputSanitizer
Defined in: server/security/stages.ts:539
Sanitize path-like fields in tool input to prevent directory traversal attacks. Operates on specific fields (default: auto-detect by name).
```typescript
pathTraversalSanitizer({
  fields: ["path", "filename"],
  allowedRoots: ["/workspace/", "/tmp/"],
  mode: "reject",
});
```
What it detects:
- Literal `..` path segments
- URL-encoded `%2e%2e`
- Double-URL-encoded sequences
- Backslash variants on Windows-style paths
- Null-byte truncation attempts
Important: Path sanitization is a defense-in-depth measure, not a substitute for real sandboxing. Use @agentick/sandbox or OS-level chroot/namespace isolation for hard boundaries.
Parameters
options?
PathTraversalSanitizerOptions = {}