Filesystem MCP Server

Empower your AI agents with robust, platform-agnostic file system capabilities, now with STDIO & Streamable HTTP transport options.

This Model Context Protocol (MCP) server provides a secure and reliable interface for AI agents to interact with the local filesystem. It enables reading, writing, updating, and managing files and directories, backed by a production-ready TypeScript foundation featuring comprehensive logging, error handling, security measures, and now supporting both STDIO and HTTP transports.

Overview

The Model Context Protocol (MCP) is a standard framework allowing AI models to securely interact with external tools and data sources (resources). This server implements the MCP standard to expose essential filesystem operations as tools, enabling AI agents to:

Read and analyze file contents.
Create, modify, or overwrite files.
Manage directories and file paths.
Perform targeted updates within files.

Built with TypeScript, the server emphasizes type safety, modularity, and robust error handling, making it suitable for reliable integration into AI workflows. It now supports both STDIO for direct process communication and HTTP for network-based interactions.

Architecture

The server employs a layered architecture for clarity and maintainability:

Transport Layer: Handles communication via STDIO or HTTP (with Express.js and JWT authentication).
API Layer: Manages MCP communication, validates inputs using Zod, and sanitizes paths.
Core Services: Oversees configuration (Zod-validated environment variables), context-aware logging, standardized error reporting, session state (like the default working directory), and the main MCP server instance.
Tool Implementation: Contains the specific logic for each filesystem tool, leveraging a refactored set of shared utilities categorized into internal, security, metrics, and parsing modules.

Features

Comprehensive File Operations: Tools for reading, writing, listing, deleting, moving, and copying files and directories.
Targeted Updates: update_file tool allows precise search-and-replace operations within files, supporting plain text and regex.
Session-Aware Path Management: set_filesystem_default tool establishes a default working directory for resolving relative paths during a session.
Dual Transport Support:
- STDIO: For direct, efficient communication when run as a child process.
- HTTP: For network-based interaction, featuring RESTful endpoints, Server-Sent Events (SSE) for streaming, and JWT-based authentication.
Security First:
- Built-in path sanitization prevents directory traversal attacks.
- JWT authentication for HTTP transport.
- Input validation with Zod.
Robust Foundation: Includes production-grade utilities, now reorganized for better modularity:
- Internal Utilities: Context-aware logging (Winston), standardized error handling (McpError, ErrorHandler), request context management.
- Security Utilities: Input sanitization, rate limiting, UUID and prefixed ID generation.
- Metrics Utilities: Token counting.
- Parsing Utilities: Natural language date parsing, partial JSON parsing.
Enhanced Configuration: Zod-validated environment variables for type-safe and reliable setup.
Type Safety: Fully implemented in TypeScript for improved reliability and maintainability.

Installation

Steps

Clone the repository:
git clone https://github.com/cyanheads/filesystem-mcp-server.git cd filesystem-mcp-server
Install dependencies:
npm install
Build the project:
npm run build
This compiles the TypeScript code to JavaScript in the dist/ directory and makes the main script executable. The executable will be located at dist/index.js.

Configuration

Configure the server using environment variables (a .env file is supported):

Core Server Settings:

MCP_LOG_LEVEL (Optional): Minimum logging level (e.g., debug, info, warn, error). Defaults to debug.
LOGS_DIR (Optional): Directory for log files. Defaults to ./logs in the project root.
NODE_ENV (Optional): Runtime environment (e.g., development, production). Defaults to development.

Transport Settings:

MCP_TRANSPORT_TYPE (Optional): Communication transport (stdio or http). Defaults to stdio.
- If http is selected:
  - MCP_HTTP_PORT (Optional): Port for the HTTP server. Defaults to 3010.
  - MCP_HTTP_HOST (Optional): Host for the HTTP server. Defaults to 127.0.0.1.
  - MCP_ALLOWED_ORIGINS (Optional): Comma-separated list of allowed CORS origins (e.g., http://localhost:3000,https://example.com).
  - MCP_AUTH_SECRET_KEY (Required for HTTP Auth): A secure secret key (at least 32 characters long) for JWT authentication. CRITICAL for production.

Filesystem Security:

FS_BASE_DIRECTORY (Optional): Defines the root directory for all filesystem operations. This can be an absolute path or a path relative to the project root (e.g., ./data_sandbox). If set, the server's tools will be restricted to accessing files and directories only within this specified (and resolved absolute) path and its subdirectories. This is a crucial security feature to prevent unintended access to other parts of the filesystem. If not set (which is not recommended for production environments), a warning will be logged, and operations will not be restricted.

LLM & API Integration (Optional):

OPENROUTER_APP_URL: Your application's URL for OpenRouter.
OPENROUTER_APP_NAME: Your application's name for OpenRouter. Defaults to MCP_SERVER_NAME.
OPENROUTER_API_KEY: API key for OpenRouter services.
LLM_DEFAULT_MODEL: Default LLM model to use (e.g., google/gemini-2.5-flash-preview-05-20).
LLM_DEFAULT_TEMPERATURE, LLM_DEFAULT_TOP_P, LLM_DEFAULT_MAX_TOKENS, LLM_DEFAULT_TOP_K, LLM_DEFAULT_MIN_P: Default parameters for LLM calls.
GEMINI_API_KEY: API key for Google Gemini services.

OAuth Proxy Integration (Optional, for advanced scenarios):

OAUTH_PROXY_AUTHORIZATION_URL, OAUTH_PROXY_TOKEN_URL, OAUTH_PROXY_REVOCATION_URL, OAUTH_PROXY_ISSUER_URL, OAUTH_PROXY_SERVICE_DOCUMENTATION_URL, OAUTH_PROXY_DEFAULT_CLIENT_REDIRECT_URIS: Configuration for an OAuth proxy.

Refer to src/config/index.ts and the .clinerules file for the complete list and Zod schema definitions.

Usage with MCP Clients

To allow an MCP client (like an AI assistant) to use this server:

Run the Server: Start the server from your terminal:
node dist/index.js # Or if you are in the project root: # npm start
Configure the Client: Add the server to your MCP client's configuration. The exact method depends on the client.For STDIO Transport (Default): Typically involves specifying:
- Command: node
- Arguments: The absolute path to the built server executable (e.g., /path/to/filesystem-mcp-server/dist/index.js).
- Environment Variables (Optional): Set any required environment variables from the Configuration section.
Example MCP Settings for STDIO (Conceptual):
{ "mcpServers": { "filesystem_stdio": { "command": "node", "args": ["/path/to/filesystem-mcp-server/dist/index.js"], "env": { "MCP_LOG_LEVEL": "debug" // Other relevant env vars }, "disabled": false, "autoApprove": [] } } }
For HTTP Transport: The client will need to know the server's URL (e.g., http://localhost:3010) and how to authenticate (e.g., providing a JWT Bearer token if MCP_AUTH_SECRET_KEY is set). Refer to your MCP client's documentation for HTTP server configuration.

Once configured and running, the client will detect the server and its available tools.

Available Tools

The server exposes the following tools for filesystem interaction:

Tool	Description
`set_filesystem_default`	Sets a default absolute path for the current session. Relative paths used in subsequent tool calls will be resolved against this default. Resets on server restart.
`read_file`	Reads the entire content of a specified file as UTF-8 text. Accepts relative (resolved against default) or absolute paths.
`write_file`	Writes content to a specified file. Creates the file (and necessary parent directories) if it doesn't exist, or overwrites it if it does. Accepts relative or absolute paths.
`update_file`	Performs targeted search-and-replace operations within an existing file using an array of `{search, replace}` blocks. Ideal for localized changes. Supports plain text or regex search (`useRegex: true`) and replacing all occurrences (`replaceAll: true`). Accepts relative or absolute paths. File must exist.
`list_files`	Lists files and directories within a specified path. Options include recursive listing (`includeNested: true`) and limiting the number of entries (`maxEntries`). Returns a formatted tree structure. Accepts relative or absolute paths.
`delete_file`	Permanently removes a specific file. Accepts relative or absolute paths.
`delete_directory`	Permanently removes a directory. Use `recursive: true` to remove non-empty directories and their contents (use with caution!). Accepts relative or absolute paths.
`create_directory`	Creates a new directory at the specified path. By default (`create_parents: true`), it also creates any necessary parent directories. Accepts relative or absolute paths.
`move_path`	Moves or renames a file or directory from a source path to a destination path. Accepts relative or absolute paths for both.
`copy_path`	Copies a file or directory from a source path to a destination path. For directories, it copies recursively by default (`recursive: true`). Accepts relative or absolute paths.

Refer to the tool registration files (src/mcp-server/tools/*/registration.ts) for detailed input/output schemas (Zod/JSON Schema).

Project Structure

The codebase is organized for clarity and maintainability:

filesystem-mcp-server/
├── dist/                 # Compiled JavaScript output (after npm run build)
├── logs/                 # Log files (created at runtime)
├── node_modules/         # Project dependencies
├── src/                  # TypeScript source code
│   ├── config/           # Configuration loading (index.ts)
│   ├── mcp-server/       # Core MCP server logic
│   │   ├── server.ts     # Server initialization, tool registration, transport handling
│   │   ├── state.ts      # Session state management (e.g., default path)
│   │   ├── tools/        # Individual tool implementations (one subdir per tool)
│   │   │   ├── readFile/
│   │   │   │   ├── index.ts
│   │   │   │   ├── readFileLogic.ts
│   │   │   │   └── registration.ts
│   │   │   └── ...       # Other tools (writeFile, updateFile, etc.)
│   │   └── transports/   # Communication transport implementations
│   │       ├── authentication/ # Auth middleware for HTTP
│   │       │   └── authMiddleware.ts
│   │       ├── httpTransport.ts
│   │       └── stdioTransport.ts
│   ├── types-global/     # Shared TypeScript types and interfaces
│   │   ├── errors.ts     # Custom error classes and codes (McpError, BaseErrorCode)
│   │   ├── mcp.ts        # MCP related types
│   │   └── tool.ts       # Tool definition types
│   ├── utils/            # Reusable utility modules, categorized
│   │   ├── internal/     # Core internal utilities (errorHandler, logger, requestContext)
│   │   ├── metrics/      # Metrics-related utilities (tokenCounter)
│   │   ├── parsing/      # Parsing utilities (dateParser, jsonParser)
│   │   ├── security/     # Security-related utilities (idGenerator, rateLimiter, sanitization)
│   │   └── index.ts      # Barrel export for all utilities
│   └── index.ts          # Main application entry point
├── .clinerules           # Cheatsheet for LLM assistants
├── .dockerignore
├── Dockerfile
├── LICENSE
├── mcp.json              # MCP server manifest (generated by SDK or manually)
├── package.json
├── package-lock.json
├── README.md             # This file
├── repomix.config.json
├── smithery.yaml         # Smithery configuration (if used)
└── tsconfig.json         # TypeScript compiler options

For a live, detailed view of the current structure, run: npm run tree (This script might need to be updated if src/scripts/tree.ts was part of the changes).

Developer Note: This repository includes a .clinerules file. This cheat sheet provides your LLM coding assistant with essential context about codebase patterns, file locations, and usage examples. Keep it updated as the server evolves!

License

This project is licensed under the Apache License 2.0. See the LICENSE file for details.

Install Server

HTTP connection URL

security – no known vulnerabilities

license - permissive license

quality - confirmed to work

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

Tools

View all tools

A Model Context Protocol server that provides AI agents with secure access to local filesystem operations, enabling reading, writing, and managing files through a standardized interface.

Related MCP Servers

MCP Local File Reader
sworddut
-
security
A
license
-
quality
A Model Context Protocol (MCP) server that allows AI models to safely access and interact with local file systems, enabling reading file contents, listing directories, and retrieving file metadata.
Last updated -
6
9
JavaScript
MIT License
MCP Filesystem Server
safurrier
A
security
A
license
A
quality
A Model Context Protocol server that provides secure and intelligent interaction with files and filesystems, offering smart context management and token-efficient operations for working with large files and complex directory structures.
Last updated -
21
45
Python
MIT License
Filesystem MCP Server
QuantGeekDev
-
security
F
license
-
quality
A Model Context Protocol server that extends AI capabilities by providing file system access and management functionalities to Claude or other AI assistants.
Last updated -
238
6
TypeScript
MCP Filesystem Server
gabrielmaialva33
A
security
A
license
A
quality
A secure Model Context Protocol server that provides controlled filesystem access within predefined directories, enabling AI models to perform file and directory operations with strict path validation.
Last updated -
16
12
7
TypeScript
MIT License

View all related MCP servers

Filesystem MCP Server