Feat/rust filesystem server#2384

Merged

crivetimihai merged 65 commits intoIBM:mainfrom

cafalchio:feat/rust_filesystem_server

Jan 24, 2026

Collaborator

cafalchio commented Jan 24, 2026

✨ Feature / Enhancement PR

🔗 Epic / Issue

Link to the epic or parent issue:
Closes #266

🚀 Summary (1-2 sentences)

What does this PR add or change?
Add Rust MCP server that exposes a comprehensive file-system toolkit

🧪 Checks

make clippy passes
make check passes
make test passes >90% coverage

📓 Notes

sandbox check for folders inside root for security
docker image size < 10Mb
currently only allows streamable-http by default
User Story 3 — Helm Deployment not implemented
Mitigate TOCTOU vulnerability, but further analysis is necessary

cafalchio requested a review from crivetimihai as a code owner

January 24, 2026 20:11

cafalchio force-pushed the feat/rust_filesystem_server branch from d85ec10 to ecef715 Compare

January 24, 2026 21:08

crivetimihai self-assigned this

cafalchio and others added 27 commits

January 24, 2026 21:50


          Initial commit for filesystem server

3a1858c

    - added stdio simple server
    - implemented list_directory tool

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Improved main runner

    - Added argument handler
    - improve tracing
    - implemented streamable-http

Signed-off-by: cafalchio <maolivei@tcd.ie>


          added tracing info for each call

ebc93a1

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Implemented search files recursively

cc265ee

    - use glob patterns
    - Added search to tools
    - Handle errors
    - Improve descriptions

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added files for new functions

2a23498

    - Updated cargo file for file search

Signed-off-by: cafalchio <maolivei@tcd.ie>


          implemented case insensitive search: Lowercase filenames and patterns

8781ed1

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Implemented read_file function and added to a server

8abf815

    -  check for Max file size 1Mb
    - check if the path is a file

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added tracing for read file, improved error description

4a781a0

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added get_file_info

0e6fe22

    - get size, created, modified and permissions
    - Added to the server

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added Read multiple files

621e58f

    - use read file for each content
    - read async
    - added to server tools

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added write_file toold func

82f1412

    - Write to a tempfile uuid
    - rename file to actual name
    - remove tempfile

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added create_directory tool

58583f7

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added create_directory to server and implemented placeholder for list…

d4b4dcf

…_allowed_directories

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Changed release config to reduce bin size

c73bb1e

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Implemented move file function.

c6844ff

    - fails if destination exists

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added move_file to the server

e5a8111

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added edit file to the server

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added edit_file

af426fd

    - support dry_run
    - use similar to get diffs

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Adding sandbox for path ccheck

da9f01c

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Apply fix to reduce TOCTOU vulnerability

32048e9

    - atomic write, no checks and write

Signed-off-by: cafalchio <maolivei@tcd.ie>


          improve read to reduce TOCTOU vulnerability

666a800

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Stopped to follow symlink on search (security)

9ace115

Signed-off-by: cafalchio <maolivei@tcd.ie>


          removed unused import

e2c6d24

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Improved Sandbox for TOCTOU safety

89825f8

    - initialize sandbox once
    - check if new folders are inside root
    - resolve path inside root

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added get_roots for server list_allowed_directories

2494a37

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Using sanbox resolve path before ger file info

99a233e

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added sandox to write_file and create_directory

ac02163

    - validade parent folder
    - clean tempfile after
   - check new folder inside root

Signed-off-by: cafalchio <maolivei@tcd.ie>

cafalchio and others added 24 commits

January 24, 2026 21:52


          Improved logs for list_allowed_directories and linted file

144fe0e

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Improve test coverage for server

f84a035

    - iimproved logs in server

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Linted using cargo clippy

31cb07e

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Simplified main.rs and moved server code to lib.rs for integration tests

f7ae333

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added integration tests to simulate workflows

4e83bb5

    - file and folder manipulation workflow
    - permission and metadata workflow
    - search and organise workflow
    - server tests

Signed-off-by: cafalchio <maolivei@tcd.ie>


          formatted and clippped integration tests

91693a5

Signed-off-by: cafalchio <maolivei@tcd.ie>


          added result where it was missing in tool call result

9ebca39

    - rename all outputs to result

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Normalized write file and create directory output

bb70aa2

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Structured search and write outputs

6ab5100

    - update tests

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Fixed write result not showing errors correctly

4b83420

    - server will return WriteResult
    - create_directory return err or string
    - fixed test create_directory tests

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Normalized output result for write_file

36b52e4

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Normalized tool result outpus

93d7be0

    - Keep consistency between tools
    - Return MPC error or success
    - reorganised tools between files
    - updated tests

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added server start banner

07b8279

Signed-off-by: cafalchio <maolivei@tcd.ie>


          fixed main receiving multiple roots

0ebd01e

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Clipped and formatted

6d2bf9c

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Removed justfile and added Makefile

eb2e438

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added correct readme

2344e04

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Added dockerfile

eead8c7

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Improved tracing logs

3c671a4

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Update test coverage and binary size in readme

05789cf

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Removed umused dependency

ca228c2

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Updated cargo dependencies

e139413

Signed-off-by: cafalchio <maolivei@tcd.ie>


          Updted deprecated InitializedRequestParam

0e04829

Signed-off-by: cafalchio <maolivei@tcd.ie>


          fix: correct error messages and documentation in filesystem server

c5ba51b

- Fix misleading error messages in server.rs that said "Error writing file"
  when the actual operation was read, move, or get_file_info
- Update README to accurately reflect that move_file overwrites destination
  (previously incorrectly stated it fails)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

crivetimihai force-pushed the feat/rust_filesystem_server branch from ecef715 to c5ba51b Compare

January 24, 2026 22:06

Member

crivetimihai commented Jan 24, 2026

Thanks for this excellent contribution @cafalchio! 🎉

I've rebased your branch onto the latest main and made a few minor fixes. Here's a summary:

Changes Made

Rebase & Cleanup

Rebased all commits onto current main (no conflicts)
Removed a duplicate commit ([PERFORMANCE]: Fix remaining N+1 queries... [PERFORMANCE]: Fix remaining N+1 queries in list_servers, list_agents… #1884) that was already merged into main

Bug Fixes

Fixed misleading error messages in server.rs:
- read_file: "Error writing file" → "Error reading file"
- move_file: "Error writing file" → "Error moving file"
- read_multiple_files: "Error writing file" → "Error reading files"
- get_file_info: "Error writing file" → "Error getting file info"

Documentation Fix

Updated README: move_file actually overwrites destination if it exists (previously stated it fails)

Review Summary

✅ Positives

Strong security design: Sandbox validates paths, blocks symlink traversal, uses canonicalization
TOCTOU mitigations: Atomic writes via temp file + rename, path resolution before operations
Excellent test coverage: ~91% line coverage with 80 tests (unit + integration)
Clean code: Passes clippy with no warnings, well-organized module structure
Comprehensive toolset: 10 filesystem tools covering all common operations
Good documentation: README with usage examples and test coverage table

⚠️ Notes

Unix-only: tools/info.rs uses Unix-specific permissions API (fine for current use case)
Uses Rust 2024 edition (requires Rust ≥1.92)

Test Results

✅ 71 unit tests passed
✅ 9 integration tests passed
✅ Clippy: no warnings

The branch has been force-pushed with these changes. Let me know if you have any questions!

crivetimihai approved these changes

View reviewed changes

crivetimihai merged commit a7e79c5 into IBM:main

39 of 40 checks passed

kcostell06 pushed a commit to kcostell06/mcp-context-forge that referenced this pull request


          Feat/rust filesystem server (IBM#2384)

a76deab

* Initial commit for filesystem server
    - added stdio simple server
    - implemented list_directory tool

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Improved main runner
    - Added argument handler
    - improve tracing
    - implemented streamable-http

Signed-off-by: cafalchio <maolivei@tcd.ie>

* added tracing info for each call

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Implemented search files recursively
    - use glob patterns
    - Added search to tools
    - Handle errors
    - Improve descriptions

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added files for new functions
    - Updated cargo file for file search

Signed-off-by: cafalchio <maolivei@tcd.ie>

* implemented case insensitive search: Lowercase filenames and patterns

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Implemented read_file function and added to a server
    -  check for Max file size 1Mb
    - check if the path is a file

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added tracing  for read file, improved error description

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added get_file_info
    - get size, created, modified and permissions
    - Added to the server

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added Read multiple files
    - use read file for each content
    - read async
    - added to server tools

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added write_file toold func
    - Write to a tempfile uuid
    - rename file to actual name
    - remove tempfile

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added  create_directory  tool

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added create_directory to server and implemented placeholder for list_allowed_directories

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Changed release config to reduce bin size

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Implemented move file function.
    - fails if destination exists

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added move_file to the server

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added edit file to the server

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added edit_file
    - support dry_run
    - use similar to get diffs

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Adding sandbox for path ccheck

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Apply fix to reduce TOCTOU vulnerability
    - atomic write, no checks and write

Signed-off-by: cafalchio <maolivei@tcd.ie>

* improve read to reduce TOCTOU vulnerability

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Stopped to follow symlink on search (security)

Signed-off-by: cafalchio <maolivei@tcd.ie>

* removed unused import

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Improved Sandbox for TOCTOU safety
    - initialize sandbox once
    - check if new folders are inside root
    - resolve path inside root

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added get_roots for server  list_allowed_directories

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Using sanbox resolve path before ger file info

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added sandox to write_file and create_directory
    - validade parent folder
    - clean tempfile after
   - check new folder inside root

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added sandbox to write file
    - canonicalize and check new folders
    -  check parent folders
    - on create directory, check if exists

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added sandbox check  for list_directory

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added sandbox check for edit_file and move_file
   -  check and canonicalize destination parent

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Apply sandbox checks for read_file and read_multiple_files

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Changed sandbox initialization from global to context
    - removed global sandbox
    - initialize sandbox in main and pass to each function

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added tests for searc_files and  list_directories
    - test for symlinks
    - test for path outside roots
    - > 95% coverage
    - formatted using fmt

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Formatted files using cargo fmt

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added tests for get_file_info

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added test coverage for read_file and read_multiple_files

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added unit test coverage for write_file and create_directory

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Improve test coverage for edit_file and move_file

Signed-off-by: cafalchio <maolivei@tcd.ie>

* format edit.rs

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added test coverage for sandbox

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Improve server runner
    - addded sever gracefully shutdown
    -  Declare Config values in main
    -  Improve server logs

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Improved logs for list_allowed_directories and linted file

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Improve test coverage for server
    - iimproved logs in server

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Linted using cargo clippy

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Simplified main.rs and moved server code to lib.rs for integration tests

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added integration tests to simulate workflows
    - file and folder manipulation workflow
    - permission and metadata workflow
    - search and organise workflow
    - server tests

Signed-off-by: cafalchio <maolivei@tcd.ie>

* formatted and clippped integration tests

Signed-off-by: cafalchio <maolivei@tcd.ie>

* added result where it was missing in tool call result
    - rename all outputs to result

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Normalized write file and create directory output

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Structured search and write outputs
    - update tests

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Fixed write result not showing errors correctly
    - server will return WriteResult
    - create_directory return err or string
    - fixed test create_directory tests

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Normalized output result for write_file

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Normalized tool result outpus
    - Keep consistency between tools
    - Return MPC error or success
    - reorganised tools between files
    - updated tests

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added server start banner

Signed-off-by: cafalchio <maolivei@tcd.ie>

* fixed main receiving multiple roots

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Clipped and formatted

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Removed justfile and added Makefile

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added correct readme

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Added dockerfile

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Improved tracing logs

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Update test coverage and binary size  in readme

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Removed umused dependency

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Updated cargo dependencies

Signed-off-by: cafalchio <maolivei@tcd.ie>

* Updted deprecated InitializedRequestParam

Signed-off-by: cafalchio <maolivei@tcd.ie>

* fix: correct error messages and documentation in filesystem server

- Fix misleading error messages in server.rs that said "Error writing file"
  when the actual operation was read, move, or get_file_info
- Update README to accurately reflect that move_file overwrites destination
  (previously incorrectly stated it fails)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: cafalchio <maolivei@tcd.ie>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet