From d6504cffacc9c1ab93ab76163a002651094081e0 Mon Sep 17 00:00:00 2001 From: Fahad Date: Mon, 9 Jun 2025 20:35:58 +0400 Subject: [PATCH] docs: add security section for file access configuration - Document that default access is to home directory - Explain how to restrict access using MCP_PROJECT_ROOT - Remove API key warning as requested (applies to all MCP servers) This helps users understand the security model and how to configure it for their specific needs. --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 00396af..7250c35 100644 --- a/README.md +++ b/README.md @@ -747,6 +747,20 @@ When using any Gemini tool, always provide absolute paths: ❌ "Use gemini to analyze ./src/main.py" (will be rejected) ``` +### Security & File Access + +By default, the server allows access to files within your home directory. This is necessary for the server to work with any file you might want to analyze from Claude. + +**To restrict access to a specific project directory**, set the `MCP_PROJECT_ROOT` environment variable: +```json +"env": { + "GEMINI_API_KEY": "your-key", + "MCP_PROJECT_ROOT": "/Users/you/specific-project" +} +``` + +This creates a sandbox limiting file access to only that directory and its subdirectories. + ## Installation 1. Clone the repository: