feat: Add configurable directory restriction for file execution

- Add CSX_ALLOWED_PATH environment variable support for directory restriction
- When set, only allows script execution from specified directory
- Add test for restricted path validation
- Update README with security feature documentation

This addresses the additional code review feedback about path security.

🤖 Generated with Claude Code

Co-Authored-By: Claude <[email protected]>

Author: ElanHasson

README.md

@@ -244,6 +244,9 @@ This will:
 - 🔐 Console output is captured to prevent interference with MCP stdio protocol
 - 🐳 Docker container runs as non-root user for additional security
 - 🛡️ Use appropriate sandboxing when running untrusted scripts
+- 📁 File access can be restricted via `CSX_ALLOWED_PATH` environment variable
+- 🔒 Only .csx files are allowed for execution
+- ⏱️ Scripts have a configurable timeout (default 30 seconds)
 
 ## Contributing
 

src/InfinityFlow.CSharp.Eval/Tools/CSharpEvalTools.cs

@@ -45,6 +45,18 @@ public async Task<string> EvalCSharp(
                         return $"Error: Only .csx files are allowed. Provided: {csxFile}";
                     }
 
+                    // Optional: Restrict to specific directories for additional security
+                    // This can be configured via environment variable
+                    var allowedPath = Environment.GetEnvironmentVariable("CSX_ALLOWED_PATH");
+                    if (!string.IsNullOrEmpty(allowedPath))
+                    {
+                        var normalizedAllowedPath = Path.GetFullPath(allowedPath);
+                        if (!fullPath.StartsWith(normalizedAllowedPath, StringComparison.OrdinalIgnoreCase))
+                        {
+                            return $"Error: File access is restricted to {normalizedAllowedPath}";
+                        }
+                    }
+                    
                     if (!File.Exists(fullPath))
                     {
                         return $"Error: File not found: {fullPath}";

tests/InfinityFlow.CSharp.Eval.Tests/CSharpEvalToolsTests.cs

@@ -161,6 +161,27 @@ public async Task EvalCSharp_WithNonCsxFile_ReturnsError()
         result.Should().Be($"Error: Only .csx files are allowed. Provided: {nonCsxFile}");
     }
 
+    [Test]
+    public async Task EvalCSharp_WithRestrictedPath_ReturnsError()
+    {
+        // Arrange
+        var restrictedFile = "/etc/passwd.csx";
+        Environment.SetEnvironmentVariable("CSX_ALLOWED_PATH", "/tmp");
+
+        try
+        {
+            // Act
+            var result = await _sut.EvalCSharp(csxFile: restrictedFile);
+
+            // Assert
+            result.Should().StartWith("Error: File access is restricted to");
+        }
+        finally
+        {
+            Environment.SetEnvironmentVariable("CSX_ALLOWED_PATH", null);
+        }
+    }
+
     [Test]
     [Ignore("Timeout functionality needs refinement - infinite loops may not respect cancellation")]
     public async Task EvalCSharp_WithTimeout_ReturnsTimeoutError()