Skip to content

fix(@angular/cli): restrict MCP workspace access to allowed client roots during resolution#33087

Merged
alan-agius4 merged 1 commit intoangular:mainfrom
alan-agius4:mcp
Apr 30, 2026
Merged

fix(@angular/cli): restrict MCP workspace access to allowed client roots during resolution#33087
alan-agius4 merged 1 commit intoangular:mainfrom
alan-agius4:mcp

Conversation

@alan-agius4
Copy link
Copy Markdown
Collaborator

@alan-agius4 alan-agius4 commented Apr 29, 2026

Introduces validation during workspace and project resolution to ensure the resolved workspace path falls within the allowed MCP roots defined by client capabilities. Throws an error if the workspace resolves outside the allowed roots.

Closes #33077

@alan-agius4 alan-agius4 requested a review from amishne April 29, 2026 06:31
@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: patch This PR is targeted for the next patch release and removed area: @angular/cli labels Apr 29, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements path validation for MCP tools to ensure workspace paths remain within allowed roots. It updates the resolveWorkspaceAndProject utility and various tool entry points to utilize the MCP server context for root verification. The review feedback suggests improving abstraction by using server proxy methods and adding safety checks for non-file URIs when processing client roots.

Comment thread packages/angular/cli/src/commands/mcp/workspace-utils.ts
Comment thread packages/angular/cli/src/commands/mcp/workspace-utils.ts
Comment thread packages/angular/cli/src/commands/mcp/workspace-utils.ts
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Apr 29, 2026
@clydin clydin removed the action: merge The PR is ready for merge by the caretaker label Apr 29, 2026
@alan-agius4 alan-agius4 added the action: merge The PR is ready for merge by the caretaker label Apr 30, 2026
@alan-agius4
fix(@angular/cli): restrict MCP workspace access to allowed client ro…
d15b676 
…ots during resolution

Introduces validation during workspace and project resolution to ensure the resolved
workspace path falls within the allowed MCP roots defined by client capabilities.
Throws an error if the workspace resolves outside the allowed roots.

Closes angular#33077
@alan-agius4 alan-agius4 merged commit ff88f49 into angular:main Apr 30, 2026
10 of 11 checks passed
@alan-agius4 alan-agius4 deleted the mcp branch April 30, 2026 06:14
@alan-agius4
Copy link
Copy Markdown
Collaborator Author

alan-agius4 commented Apr 30, 2026

This PR was merged into the repository. The changes were merged into the following branches:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amishne amishne amishne approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: @angular/cli target: patch This PR is targeted for the next patch release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Security: Angular CLI MCP roots bypass via unvalidated workspace path

3 participants

@alan-agius4 @amishne @clydin