filesystem-mcp-server rejects valid absolute and relative paths as “outside allowed base directory”
When interacting with @cyanheads/filesystem-mcp-server through MCP, filesystem operations on a directory inside the workspace root fail with an access-denied error.
Summary
Operations targeting the directory /home/mcp/wksp/logs fail with:
Access denied: The path "logs" resolves to a location outside the allowed base directory.
This occurs even though:
- The directory is inside the workspace root (/home/mcp/wksp)
- set_filesystem_default is successfully set to /home/mcp/wksp
- Other sibling directories under the same workspace are accessible
Expected Behavior
After setting the filesystem default to /home/mcp/wksp, a relative path like "logs" should resolve to /home/mcp/wksp/logs and be allowed.
Actual Behavior
Attempts to list or delete the directory produce an access-denied error:
Access denied: The path "logs" resolves to a location outside the allowed base directory.
Examples:
- list_files with { "path": "logs", "includeNested": false } → access denied
- delete_directory with { "path": "logs", "recursive": true } → access denied
The directory exists and is empty.
Steps to Reproduce
- Workspace (/home/mcp/wksp) contains:
  - filesystem-mcp-server/
  - logs/
- Call set_filesystem_default with /home/mcp/wksp (succeeds)
- Call list_files or delete_directory using relative path logs (fails)
- Call list_files or delete_directory using absolute path /home/mcp/wksp/logs (fails)
Hypotheses
- The sandbox’s allowed base directory is not applying to sub-directories
- Path resolution and permission validation use different canonicalization or root logic
- The actual enforced root may be narrower than intended
Impact
- Valid workspace directories cannot be listed or modified
- Relative path handling does not match configured defaults
Suggested Investigation
- Ensure set_filesystem_default impacts resolution of relative paths
- Ensure the guardrail allows sub-directory listing and modification
- Align path resolution and permission-checking logic