third-party-mirrors/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2025-05-05 21:01:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: grant filesystem access for WASM modules in MCPAgent

Browse Source 
Enhance the MCPAgent's WASM module initialization by granting access to the host filesystem. This is necessary for DNS lookups and other operations that may depend on filesystem access. Added comments to highlight the security implications of this change and the need for potential restrictions in the future.
This commit is contained in:
Deluan 2025-04-19 14:46:54 -04:00
parent 6b89f7ab63
commit fb0714562d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/agents/mcp/mcp_agent.go
View File

@ -343,7 +343,11 @@ func (a *MCPAgent) startWasmModule(ctx context.Context) (hostStdinWriter io.Writ
WithStdin(wasmStdinReader).
WithStdout(wasmStdoutWriter).
WithStderr(os.Stderr).
WithArgs(McpServerPath)
WithArgs(McpServerPath).
// Grant access to the host filesystem. Needed for DNS lookup (/etc/resolv.conf)
// and potentially other operations depending on the module.
// SECURITY: This grants broad access; consider more restricted FS if needed.
WithFS(os.DirFS("/"))
log.Debug(ctx, "Compiling WASM module (using cache if enabled)...")
// Compile module using the shared runtime (which uses the configured cache)