mcp: Cursor startup can select unsafe root project #80

@justrach

Problem

When Cursor enables the codedb MCP server, the active/default project can resolve to / (or other denied roots) instead of the workspace path. This causes confusing behavior in project-scoped MCP calls and can retain stale denied roots in local project cache listings.

Failing Test

test "issue-78: mcp sanitizeProjectsCache removes denied cached roots" {
    var tmp = testing.tmpDir(.{});
    defer tmp.cleanup();

    var projects_buf: [std.fs.max_path_bytes]u8 = undefined;
    const projects_dir = try tmp.dir.realpath(".", &projects_buf);

    try tmp.dir.makePath("badroot");
    try tmp.dir.makePath("good");

    {
        const file = try tmp.dir.createFile("badroot/project.txt", .{});
        defer file.close();
        try file.writeAll("/\n");
    }
    {
        const file = try tmp.dir.createFile("good/project.txt", .{});
        defer file.close();
        try file.writeAll("/Users/example/workspace\n");
    }

    const removed = try mcp_mod.sanitizeProjectsCache(testing.allocator, projects_dir);
    try testing.expectEqual(@as(u32, 1), removed);

    try testing.expectError(error.FileNotFound, tmp.dir.access("badroot/project.txt", .{}));
    try tmp.dir.access("good/project.txt", .{});
}

Expected

Denied roots (like /, /tmp, /private/tmp, /var/tmp) are never selected as active/default projects and are removed from cached local project entries.

Fix

Apply root policy validation in MCP project resolution and proactively sanitize cached project entries before listing/using them.
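
An added example, not codedb's own code (the issue's test is Zig; this is a Python sketch of the same policy): it validates candidate roots before selecting one and sanitizes cached entries. It assumes the cache layout the failing test implies (one directory per project holding a `project.txt` whose first line is the root). All function names are hypothetical, and normalisation is lexical only, so symlinks are not resolved.

```python
import os
import posixpath

# Denied roots exactly as listed in the issue's "Expected" section.
DENIED_ROOTS = frozenset({"/", "/tmp", "/private/tmp", "/var/tmp"})


def normalize_root(raw: str) -> str:
    """Lexically normalise so '/tmp/', '//' and '/var/tmp/x/..' still match the policy."""
    path = posixpath.normpath(raw.strip())
    # POSIX normpath preserves exactly two leading slashes ('//'); collapse them to one.
    return "/" + path.lstrip("/") if path.startswith("/") else path


def is_denied_root(raw: str) -> bool:
    return normalize_root(raw) in DENIED_ROOTS


def select_project_root(candidates):
    """Return the first candidate that passes the policy, or None.

    Returning None forces the caller to handle "no project" explicitly
    instead of silently defaulting to a denied root such as '/'.
    """
    for candidate in candidates:
        if candidate and not is_denied_root(candidate):
            return normalize_root(candidate)
    return None


def sanitize_projects_cache(projects_dir: str) -> int:
    """Delete project.txt for each cache entry whose recorded root is denied."""
    removed = 0
    with os.scandir(projects_dir) as entries:
        for entry in entries:
            # Do not follow symlinked entries out of the cache directory.
            if not entry.is_dir(follow_symlinks=False):
                continue
            record = os.path.join(entry.path, "project.txt")
            try:
                with open(record, encoding="utf-8") as fh:
                    root = fh.readline()
            except FileNotFoundError:
                continue
            if is_denied_root(root):
                os.remove(record)
                removed += 1
    return removed
```

Running the sanitizer before listing cached projects, and the selector at startup, covers both places where a denied root could otherwise surface.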

Labels: bug (Something isn't working), priority:p2 (Medium priority)