A Python server implementing Model Context Protocol (MCP) for secure filesystem operations.

• Read/write files with multiple access methods (whole file, line ranges, keyword-based)
• Create/list directories and file trees
• Move files/directories
• Search files by name and content
• Perform diff-based edits with preview support
• Get detailed file metadata (size, permissions, ownership)
• Git-aware directory tree listing respecting .gitignore
• Function/keyword search in files with contextual results
• Multi-file read operations
• Path validation and security checks

Note: The server only allows operations within directories specified via command-line arguments.

Build the Docker image locally:

docker build -t mcp/filesystem .

Add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "filesystem": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--mount", "type=bind,src=/path/to/your/directory,dst=/projects",
        "mcp/filesystem",
        "/projects"
      ]
    }
  }
}

Note: All directories are mounted to /projects by default. Adding the ,ro flag will make the directory read-only.

• Read complete contents of a file
• Input: path (string)

• Read multiple files simultaneously
• Input: paths (string[])
• Failed reads won't stop the entire operation

• Read specific lines or line ranges from a file
• Inputs:
  • path (string)
  • ranges (string[]): Line numbers or ranges (e.g., ["5", "10-20"])

• Find lines containing a keyword with optional context
• Inputs:
  • path (string)
  • keyword (string): Text to search for
  • before (int): Lines to include before match (default: 0)
  • after (int): Lines to include after match (default: 0)
  • use_regex (bool): Use regex pattern (default: false)
  • ignore_case (bool): Case-insensitive search (default: false)
• Returns matching lines with ">" prefix and line numbers

• Extract function definitions by keyword
• Inputs:
  • path (string)
  • keyword (string): Typically function name
  • before (int): Lines to include before match (default: 0)
  • use_regex (bool): Use regex pattern (default: false)

• Create or overwrite a file
• Inputs:
  • path (string)
  • content (string)

• Make surgical edits to a file without specifying line numbers
• Inputs:
  • path (string)
  • replacements (object): Dictionary with keys as content to find and values as replacement content
  • inserts (object): Dictionary for inserting content after specified anchor text
  • replace_all (boolean): Replace all occurrences or just first match (default: true)
  • dry_run (boolean): Preview changes without applying (default: false)
• Returns a summary of changes made

• Edit a file with precise line number specifications
• Inputs:
  • path (string)
  • edits (object): Dictionary of edits with keys as line specifiers and values as content
    • "N": Replace line N with provided content
    • "N-M": Replace lines N through M with provided content
    • "Ni": Insert content after line N (use "0i" for beginning)
    • "a": Append content to end of file
  • dry_run (boolean): Preview changes without applying (default: false)
• Returns a summary of applied changes

• Create directory or ensure it exists
• Input: path (string)
• Creates parent directories if needed

• List directory contents with [FILE] or [DIR] prefixes
• Input: path (string)

• Get a recursive tree view of files and directories with metadata
• Inputs:
  • path (string)
  • count_lines (boolean): Include line counts (default: false)
  • show_permissions (boolean): Show file permissions (default: false)
  • show_owner (boolean): Show file ownership information (default: false)
  • show_size (boolean): Show file sizes (default: false)

• Get a directory tree for a git repository respecting .gitignore
• Inputs:
  • path (string)
  • count_lines (boolean): Include line counts (default: false)
  • show_permissions (boolean): Show file permissions (default: false)
  • show_owner (boolean): Show file ownership information (default: false)
  • show_size (boolean): Show file sizes (default: false)

• Move or rename files and directories
• Inputs:
  • source (string)
  • destination (string)

• Recursively search for files/directories matching a pattern
• Inputs:
  • path (string): Starting directory
  • pattern (string): Search pattern (case-insensitive)
  • excludePatterns (string[]): Glob patterns to exclude
• Returns full paths to all matching files and directories

• Get detailed file metadata
• Input: path (string)
• Returns size, creation time, modified time, permissions, etc.

• List all directories the server is allowed to access

The server implements comprehensive security measures:

• Maintains a whitelist of allowed directories specified via command-line arguments
• Performs strict path validation to prevent unauthorized access outside allowed directories
• Validates symlink targets to ensure they don't escape the allowed directories
• Handles circular symlinks and invalid paths gracefully
• Verifies parent directories for non-existent paths to ensure they're within allowed boundaries

• Python 3.12+
• MCP 1.5.0+
• Docker
• httpx 0.28.1+
• Git (optional, for git_directory_tree)

MIT