- Default to user's home directory instead of current working directory when MCP_PROJECT_ROOT is not set
- Replace fragile root directory check with cross-platform compatible approach using Path.parent == Path
- Add SANDBOX_MODE flag to explicitly track whether sandbox is user-configured or default
- Enhance security documentation to clarify the three-tier access model
- Prevent potential security vulnerabilities from overly permissive directory access
This change ensures more predictable and secure file access behavior, especially when the server
is launched from system directories or through automated tools like Claude Desktop.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
e5f721a0d9