MCP.so
Sign In
Servers

Filesystem MCP Server

@gomcpgo

Enhanced FileSystem MCP server

Overview

What is Filesystem MCP Server?

A secure, single-binary MCP server for filesystem operations with no runtime dependencies. It provides 18 tools for reading, writing, searching, and managing files within sandboxed directories, and is designed for AI coding workflows with Claude Desktop and Claude Code.

How to use Filesystem MCP Server?

Download the binary for your platform from the Releases page, make it executable, and set the MCP_ALLOWED_DIRS environment variable to a comma-separated list of allowed absolute paths. Then connect to any MCP client by specifying the binary as the command and the environment variable in the client’s configuration (e.g., claude_desktop_config.json for Claude Desktop).

Key features of Filesystem MCP Server

  • 18 tools covering read, write, search, replace, insert, and file management
  • Dry-run preview for replacement and insertion tools
  • Secure by default with path validation and symlink attack prevention
  • Single binary, no Node.js, Python, or other runtime required
  • Tested with Claude Desktop and Claude Code for real-world coding workflows
  • Detailed error messages explaining why access was blocked

Use cases of Filesystem MCP Server

  • Read, edit, and refactor files in AI-assisted coding sessions
  • Batch replace text or apply regex patterns across multiple files
  • Search codebase with recursive regex, respecting file type filters
  • Preview file changes before applying them via dry-run mode
  • Manage directories and files (create, move, list, get metadata) within a sandboxed scope

FAQ from Filesystem MCP Server

What runtime does Filesystem MCP Server require?

No runtime dependencies – it is a single, pre-compiled binary for macOS, Linux, or Windows.

How do I restrict which directories the server can access?

Set the MCP_ALLOWED_DIRS environment variable with a comma-separated list of absolute paths. The server will only operate within those directories.

Can I preview changes before applying them?

Yes, all replacement and insertion tools support a dry_run parameter that shows what would be changed without modifying any files.

How does the server prevent unauthorized file access?

It resolves all paths to their canonical form, blocks ../ traversal attempts, validates that symlink targets stay inside allowed directories, and rejects broken symlinks. Access denials are logged with a SECURITY: prefix.

What platforms are supported?

Pre-built binaries are available for macOS (Apple Silicon and Intel), Linux (x86_64 and ARM64), and Windows (x86_64).

More from Files & Storage