Fix path traversal, Dockerfile build, and per-session transport

GeneralJerel · GeneralJerel · commit bdd69c2514a5 · 2026-03-20T08:56:51.000-07:00
- Validate resolved path stays within SKILLS_DIR to prevent traversal
- Remove --prod from Dockerfile install so tsc is available for build
- Remove pnpm-lock.yaml from .gitignore so Dockerfile --frozen-lockfile works
- Create per-session transport instances instead of sharing one globally
- Add sync warning comment on forked renderer CSS
diff --git a/apps/mcp/.gitignore b/apps/mcp/.gitignore
@@ -9,4 +9,3 @@ yarn-error.log*
 .DS_Store
 .turbo/
 .venv/
-pnpm-lock.yaml
diff --git a/apps/mcp/Dockerfile b/apps/mcp/Dockerfile
@@ -13,7 +13,7 @@ COPY package.json pnpm-lock.yaml ./
 RUN npm install -g pnpm@9
 
 # Install dependencies
-RUN pnpm install --prod --frozen-lockfile
+RUN pnpm install --frozen-lockfile
 
 # Copy source
 COPY tsconfig.json ./
diff --git a/apps/mcp/src/index.ts b/apps/mcp/src/index.ts
@@ -8,7 +8,7 @@ const PORT = Number(process.env.MCP_PORT) || 3100;
 const ALLOWED_ORIGINS = process.env.ALLOWED_ORIGINS?.split(",") || ["*"];
 
 const server = createMcpServer();
-const transport = new WebStandardStreamableHTTPServerTransport();
+const sessions = new Map<string, WebStandardStreamableHTTPServerTransport>();
 
 const app = new Hono();
 
@@ -31,8 +31,29 @@ app.use(
 );
 
 app.get("/health", (c) => c.json({ status: "ok" }));
-app.all("/mcp", (c) => transport.handleRequest(c.req.raw));
 
-await server.connect(transport);
+app.all("/mcp", async (c) => {
+  const sessionId = c.req.header("mcp-session-id");
+
+  if (sessionId && sessions.has(sessionId)) {
+    return sessions.get(sessionId)!.handleRequest(c.req.raw);
+  }
+
+  const transport = new WebStandardStreamableHTTPServerTransport();
+  await server.connect(transport);
+
+  const response = await transport.handleRequest(c.req.raw);
+
+  const newSessionId = response.headers.get("mcp-session-id");
+  if (newSessionId) {
+    sessions.set(newSessionId, transport);
+    transport.onclose = () => {
+      sessions.delete(newSessionId);
+    };
+  }
+
+  return response;
+});
+
 serve({ fetch: app.fetch, port: PORT });
-console.error(`MCP server running on http://localhost:${PORT}/mcp`);
+console.log(`MCP server running on http://localhost:${PORT}/mcp`);
diff --git a/apps/mcp/src/renderer.ts b/apps/mcp/src/renderer.ts
@@ -1,5 +1,6 @@
 // OpenGenerativeUI Design System CSS and Bridge JS
 // Forked from apps/app/src/components/generative-ui/widget-renderer.tsx
+// WARNING: Keep in sync with the source widget-renderer.tsx when the design system changes.
 
 const THEME_CSS = `
 :root {
diff --git a/apps/mcp/src/skills.ts b/apps/mcp/src/skills.ts
@@ -14,5 +14,9 @@ export function listSkills(): string[] {
 }
 
 export function loadSkill(name: string): string {
-  return readFileSync(resolve(SKILLS_DIR, `${name}.txt`), "utf-8");
+  const resolved = resolve(SKILLS_DIR, `${name}.txt`);
+  if (!resolved.startsWith(resolve(SKILLS_DIR) + "/")) {
+    throw new Error(`Invalid skill name: ${name}`);
+  }
+  return readFileSync(resolved, "utf-8");
 }

Original file line number	Diff line number	Diff line change
`@@ -14,5 +14,9 @@ export function listSkills(): string[] {`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`export function loadSkill(name: string): string {`
`17`		- return readFileSync(resolve(SKILLS_DIR, `${name}.txt`), "utf-8");
	`17`	+ const resolved = resolve(SKILLS_DIR, `${name}.txt`);
	`18`	`+ if (!resolved.startsWith(resolve(SKILLS_DIR) + "/")) {`
	`19`	+ throw new Error(`Invalid skill name: ${name}`);
	`20`	`+ }`
	`21`	`+ return readFileSync(resolved, "utf-8");`
`18`	`22`	`}`