Commit 1bca40f

committed

feat: align build system and add root path security restriction

Align system-monitor-server with fast-time-server reference implementation and add chroot-like root directory restriction for enhanced security. Build System Improvements: - Restructure Makefile following fast-time-server conventions - Add dynamic help system with emoji section headers - Add version injection via LDFLAGS - Add multiple run modes (stdio, http, sse, dual, rest) - Add MCP tool testing targets (test-metrics, test-processes, test-health) - Add comprehensive quality checks (fmt, vet, lint, staticcheck, security) - Add benchmarking and performance testing targets - Update .gitignore to include dist/ and coverage/ directories - Add staticcheck.conf for static analysis configuration Security Enhancements: - Add root_path configuration for chroot-like file access restriction - Enforce root boundary BEFORE allowed_paths checks (defense in depth) - Root restriction prevents access outside configured directory tree - Backward compatible: empty root_path maintains existing behavior - Add comprehensive tests for root path validation Documentation: - Rewrite README.md following fast-time-server style - Add Root Directory Restriction security section - Update configuration examples with root_path - Improve Quick Start and Development sections - Add cross-compilation instructions - Document all security features comprehensively Configuration: - Add security.root_path setting to config.yaml - Document production recommendation for root restriction - Update security comments for clarity Testing: - Add TestLogMonitorRootPathRestriction with comprehensive coverage - Update all NewLogMonitor calls to include root_path parameter - All tests passing (4 packages, 50+ tests) Signed-off-by: Mihai Criveti <[email protected]> Signed-off-by: Mihai Criveti <[email protected]>

1 parent 368c2cf commit 1bca40fCopy full SHA for 1bca40f

19 files changed

+5190

-5188

lines changed

mcp-servers/go/system-monitor-server
- .gitignore
- Makefile
- README.md
- cmd/server
  - main.go
  - main_test.go
- config.yaml
- go.mod
- internal
  - config
    - config.go
    - config_test.go
  - metrics
  - monitor
- pkg/types
  - metrics.go
- staticcheck.conf

19 files changed

+5190

-5188

lines changed

`‎mcp-servers/go/system-monitor-server/.gitignore‎`

-Original file line number
+Diff line change
 # Go build artifacts
 system-monitor-server
 *.bin
 +dist/
 +coverage/
 +coverage.html
 # Dependency directories
 vendor/

Comments

(0)