Documentation / @agentick/mcp / PathTraversalSanitizerOptions

Interface: PathTraversalSanitizerOptions

Defined in: server/security/stages.ts:492

Properties

allowedRoots?

optional allowedRoots: string[]

Defined in: server/security/stages.ts:507

Optional allow-list of path prefixes. If set, sanitized paths must start with one of these prefixes or the request is rejected. Useful when you want to scope a read_file tool to a specific directory.

Prefixes are compared after normalization.

---

fields?

optional fields: string[]

Defined in: server/security/stages.ts:498

Which input fields should be checked for path traversal. If omitted, all string fields whose keys include "path", "file", "filename", "dir", or "directory" (case-insensitive) are checked.

---

mode?

optional mode: "reject" | "strip"

Defined in: server/security/stages.ts:513

Action when traversal is detected: "reject" (throw) or "strip" (remove the offending ../ sequences and pass through). Default: "reject".