Version: 1.7.0 (pdf-server-mcp via Claude Desktop extension manager)
OS: Windows 11 / Claude Desktop 1.4758.0
Severity: Functional regression — local PDFs cannot be opened via display_pdf
What happens
list_pdfs returns:
{"localFiles": [], "allowedDirectories": [], "truncated": false}
Even when:
Directories are passed as positional args via the manifest's mcp_config.args
(which parseArgs() should register at line ~34372 in dist/index.js)
A cowork directory mount has been approved by the user
display_pdf against any local file path is rejected with "Local file not in allowed list".
Root cause
In dist/server.js refreshRoots():
async function refreshRoots(server) {
if (!server.getClientCapabilities()?.roots)
return;
try {
const { roots } = await server.listRoots();
allowedLocalDirs.clear(); // <-- this line
for (const root of roots) { ... }
}
}
When --stdio mode runs, useClientRoots: true is hardcoded, so
refreshRoots() always fires on init via oninitialized. Claude Desktop
1.4758.0 advertises the roots capability but server.listRoots() returns
an empty array (cowork mounts not propagating as MCP roots). The
unconditional clear() then wipes any directories registered via CLI args
in main() lines 34372/34376.
Reproduction
Install pdf-server-mcp 1.7.0 in Claude Desktop on Windows.
In manifest.json (or via a launch wrapper) add positional directory
paths to mcp_config.args after --stdio, e.g.
["${__dirname}/dist/index.js", "--stdio", "C:\\some\\dir"].
Restart Claude Desktop.
Call list_pdfs. Expected: allowedDirectories includes C:\some\dir.
Actual: allowedDirectories: [].
Suggested fix
In refreshRoots(), either (a) only clear when the new roots list is
non-empty, or (b) drop the clear entirely and rely on Set.add()'s dedup
behavior. Option (b) is safer because cowork-side root removals would
still need a separate mechanism (e.g., a roots/list_changed notification
that explicitly signals removal, not the current implicit
clear-and-replace).
Workaround applied locally
Commented out the allowedLocalDirs.clear() line. CLI-arg directories
now survive the refresh and display_pdf works on local paths again.
This loses the ability for the host to revoke a previously-granted root
via the empty-list path, but in practice cowork mounts are additive in
our usage pattern.
Version: 1.7.0 (pdf-server-mcp via Claude Desktop extension manager)
OS: Windows 11 / Claude Desktop 1.4758.0
Severity: Functional regression — local PDFs cannot be opened via display_pdf
What happens
list_pdfsreturns:{"localFiles": [], "allowedDirectories": [], "truncated": false} Even when: Directories are passed as positional args via the manifest's mcp_config.args (which parseArgs() should register at line ~34372 in dist/index.js) A cowork directory mount has been approved by the user display_pdf against any local file path is rejected with "Local file not in allowed list". Root cause In dist/server.js refreshRoots(): async function refreshRoots(server) { if (!server.getClientCapabilities()?.roots) return; try { const { roots } = await server.listRoots(); allowedLocalDirs.clear(); // <-- this line for (const root of roots) { ... } } } When --stdio mode runs, useClientRoots: true is hardcoded, so refreshRoots() always fires on init via oninitialized. Claude Desktop 1.4758.0 advertises the roots capability but server.listRoots() returns an empty array (cowork mounts not propagating as MCP roots). The unconditional clear() then wipes any directories registered via CLI args in main() lines 34372/34376. Reproduction Install pdf-server-mcp 1.7.0 in Claude Desktop on Windows. In manifest.json (or via a launch wrapper) add positional directory paths to mcp_config.args after --stdio, e.g. ["${__dirname}/dist/index.js", "--stdio", "C:\\some\\dir"]. Restart Claude Desktop. Call list_pdfs. Expected: allowedDirectories includes C:\some\dir. Actual: allowedDirectories: []. Suggested fix In refreshRoots(), either (a) only clear when the new roots list is non-empty, or (b) drop the clear entirely and rely on Set.add()'s dedup behavior. Option (b) is safer because cowork-side root removals would still need a separate mechanism (e.g., a roots/list_changed notification that explicitly signals removal, not the current implicit clear-and-replace). Workaround applied locally Commented out the allowedLocalDirs.clear() line. CLI-arg directories now survive the refresh and display_pdf works on local paths again. This loses the ability for the host to revoke a previously-granted root via the empty-list path, but in practice cowork mounts are additive in our usage pattern.