App File Service¶
✅ Implemented 🧪 Tested
putAppFile and the app-file resources share one internal service so tools and
resources do not call adb, run-as, simctl, or the host filesystem directly.
Service Boundary¶
- Public MCP handlers call
AppFileServiceinsrc/server/appFileService.ts. DefaultAppFileServiceowns shared validation, source preparation, device resolution for resources, provider selection, and typed result metadata.- Platform-specific behavior lives behind
AppFileProviderimplementations:AndroidAppFileProviderandIosSimulatorAppFileProvider. - Providers receive normalized app IDs, logical containers, safe relative paths, and prepared source file paths. They should not accept raw MCP arguments.
Shared Validation¶
Keep validation that is common to all platforms in the service or contract layer:
src/server/appFileContract.tsvalidates MCP schema shape and resource URI parsing.normalizeAppFileRelativePathrejects absolute paths, empty paths, repeated separators,., and..traversal.AppFileServicevalidates app IDs before provider selection so unsafe app IDs cannot reach platform path construction.
Provider-specific checks should only cover platform capability differences. For
example, Android rejects library, and iOS rejects externalFiles.
Adding Containers¶
- Add the logical name to
APP_FILE_CONTAINERSinsrc/server/appFileContract.ts. - Map the container in each provider in
src/server/appFileService.ts. - If a platform cannot support the container, throw an explicit
ActionableErrorthrough the unsupported-operation helper. Include the operation, app ID, container, and platform in the message. - Add tests in
test/server/appFileService.test.tsfor shared validation, provider routing, and the platform-specific capability behavior.
Adding Providers¶
- Implement
AppFileProviderinsrc/server/appFileService.tsor a nearby module if the provider grows large. - Register the provider in
createDefaultProviders. - Keep command-line details inside the provider. Return
AppFileListResult,AppFileReadResult, andPutAppFileResultmetadata through the service contract rather than leaking raw command output into MCP responses. - Unit-test with fakes; do not require real Android devices or iOS simulators.