fix(filesystem): include error reason + enumerate failed dirs at startup (#4152)

[daveCode-dot]

Summary

Closes #4152. The secure-filesystem-server's startup validation already filters inaccessible allowed_directories entries, but the diagnostic surface is too thin: per-directory warnings omit the underlying OS error and the aggregate fatal error doesn't enumerate which paths failed. Hosts that surface only the final stderr line (e.g. Claude Desktop in the original report) end up showing users an opaque "Server disconnected" toast with nothing to act on.

This change keeps the existing log strings stable for grep-based consumers and adds the missing reason / enumeration so the diagnostic is actionable.

Repro

cd src/filesystem && npm run build

# 1) Single missing directory: silent-ish exit (no reason, no enumeration)
node dist/index.js /nonexistent/foo
# stderr (before): Warning: Cannot access directory /nonexistent/foo, skipping
#                  Error: None of the specified directories are accessible
# exit code 1, but a host showing only the final line cannot tell the user
# *which* directory was bad or *why*.

# 2) Mixed valid/invalid: only the warning line names the path, no reason
node dist/index.js /nonexistent/bar /tmp
# stderr (before): Warning: Cannot access directory /nonexistent/bar, skipping

Fix

src/filesystem/index.ts — startup validation now tracks failed entries with their reason and:

• Appends the underlying error message to the per-directory warning, e.g. Cannot access directory /missing, skipping (ENOENT: no such file or directory, stat '/missing').
• Enumerates every failed entry inside the aggregate fatal error so a host capturing only the final stderr line gets the full list:

Error: None of the specified directories are accessible:
  - /nonexistent/foo (ENOENT: no such file or directory, stat '/nonexistent/foo')
  - /tmp/secret.txt (not a directory)

The four pre-existing startup-validation.test.ts cases continue to pass unchanged — the legacy Warning: Cannot access directory and Error: None of the specified directories are accessible substrings are preserved.

Tests

src/filesystem/__tests__/startup-validation.test.ts adds two regression cases pinned to #4152:

• should include the underlying error reason in the per-directory warning (#4152) — asserts /ENOENT|no such file or directory/i shows up in stderr alongside the path.
• should list every offending directory inside the aggregate startup error (#4152) — slices stderr from the Error: marker and verifies both failing paths appear in the aggregate, not only as scattered earlier warnings.

Local result, ran from src/filesystem:

npx vitest run
Test Files  7 passed (7)
     Tests  148 passed (148)

No regression in the other six test files (directory-tree, lib, path-utils, path-validation, roots-utils, structured-content).

Adjacent gaps (out of scope · raising for maintainer decision)

While auditing this code path I noticed roots-utils.ts already exposes a formatDirectoryError(dir, error?, reason?) helper used by getValidRootDirectories(). There are now two error-formatting styles for the same domain:

• index.ts startup: Cannot access directory <dir>, skipping (<reason>) and - <dir> (<reason>) enumeration
• roots-utils.ts MCP roots: Skipping invalid directory: <dir> due to error: <message>

Standardising on a single format (either by exporting formatDirectoryError and adopting it in index.ts, or vice-versa) would remove this drift, but it changes user-facing log strings and the right shape is a maintainer call rather than a unilateral choice in this PR. Happy to follow up with a separate PR once you indicate which way you'd like to consolidate.

Notes

• No package.json / version bump — leaving release cadence to the maintainers.
• No new dependencies.
• The failedEntries list is built only during startup so there is no runtime cost on the hot path.

🤖 Co-authored with Claude Code