hashfile-mcp
Hashfile MCP Server
Fine-Grained Control for AI File Operations β A Model Context Protocol (MCP) server that gives you surgical precision over file editing and ironclad control over file access.
Why Hashfile MCP?
π― Surgical File Editing
Unlike traditional line-number-based editing that breaks when files change, Hashfile uses content-anchored operations:
Hash-Anchored Lines: Every line tagged with a content hash β edits target the right content, not just the right line number
Fuzzy Matching: Automatically finds moved lines even after insertions/deletions
Collision Detection: File-level verification prevents editing stale content
Multi-Operation Edits: Apply multiple precise changes in a single atomic operation
π Ironclad Access Control
Take complete control over what AI agents can touch with AGENTS.md frontmatter:
forbidden: Block access to secrets, credentials, sensitive dataread_only: Allow reading schemas, configs, lock files β prevent modificationsignore: Hide generated code, dependencies, build artifacts from AI contextHierarchical Discovery: Place AGENTS.md anywhere in your tree β nearest file wins
Glob Patterns: Fine-tune access with wildcards (
secrets/**,**/*.env)
π Full AGENTS.md Documentation | π Proposal Spec
π οΈ Drop-In Filesystem Compatibility
All standard MCP filesystem tools included:
list_directoryβ Browse with[FILE]/[DIR]prefixesdirectory_treeβ Compact tree view (10x more token-efficient than JSON)create_directoryβ Recursive directory creationmove_fileβ Rename/move files and directorieswrite_fileβ Raw UTF-8 writes (non-hashline)read_multiple_filesβ Batch reads in one operation
Features at a Glance
Feature | Benefit |
Hash-Anchored Editing | Edits survive file changes β no more "line 42 doesn't match" errors |
Content Verification | 6-character file hashing prevents race conditions |
AGENTS.md Support | Declarative access control β protect secrets, lock schemas, hide noise |
Fuzzy Line Matching | Finds the right line even after insertions/deletions |
9 MCP Tools | 3 hashline tools + 6 standard filesystem tools |
Zero Dependencies | Pure Rust, compiles to a single binary |
Installation
cargo build --releaseThe binary will be at target/release/hashfile-mcp.
Quick Start
1. Configure Your MCP Client
Add to Claude Desktop or your MCP client config:
{
"mcpServers": {
"hashfile": {
"command": "/path/to/hashfile-mcp/target/release/hashfile-mcp"
}
}
}2. (Optional) Add Access Control
Create AGENTS.md in your project root:
---
forbidden:
- "secrets/**"
- "**/*.env"
- ".git/**"
read_only:
- "package-lock.json"
- "Cargo.lock"
- "schema.sql"
ignore:
- "node_modules/**"
- "target/**"
- "**/*.generated.ts"
---
# Project Instructions
Your custom instructions for AI agents here...3. Start Editing
The AI can now:
β Read and edit source files with hash-anchored precision
β Browse directories and create new files
β Cannot touch your secrets or
.envfilesβ Cannot modify lock files or schemas
π Won't see
node_modulesor build artifacts
How Hashline Works
The Problem
Traditional line-number editing fails when files change:
Agent: "Replace line 42"
Reality: Someone inserted 3 lines at the top
Result: Wrong line replaced! π₯The Solution
Content-anchored editing with hash verification:
Read: Each line gets a hash tag β
42:a3|const x = 1;Edit: Operations reference content, not just position β
"anchor": "42:a3"Apply: Server finds the line by hash, even if it moved to line 45
Verify: File hash must match β detects if content changed since read
Reliability Features
File-Level Verification: 6-character hash prevents editing stale content
Line-Level Anchoring: 2-character hash identifies specific lines
Fuzzy Matching: Searches for unique hash match if line number changed
Conflict Detection: Clear errors if content diverged
Core Tools
Hashline Tools (Precision Editing)
read_text_file
Returns content with hash-tagged lines for reliable editing:
1:a3|import { useState } from 'react';
2:7f|
3:2c|export function Counter() {
---
hashline_version: 1
total_lines: 3
file_hash: 8f3a9bedit_text_file
Apply hash-anchored operations:
{
"path": "/path/to/file.ts",
"file_hash": "8f3a9b",
"operations": [
{
"op_type": "replace",
"anchor": "3:2c",
"content": "export function Counter({ initial = 0 }) {"
}
]
}Operation types: replace, insert_after, insert_before, delete
write_text_file
Write content and get back hashline-tagged verification
Filesystem Tools (Standard Operations)
list_directory
[DIR] src
[DIR] tests
[FILE] README.md
[FILE] Cargo.tomldirectory_tree
src/
βββ agents.rs
βββ config.rs
βββ filesystem.rs
βββ hashline.rs
βββ main.rs
βββ tools.rsSupports exclude_patterns for filtering (e.g., ["**/node_modules/**", "**/.git/**"])
create_directory, move_file, write_file, read_multiple_files
Standard filesystem operations with AGENTS.md enforcement
AGENTS.md Access Control
Constraint Types
Constraint | Effect | Use Case |
| Block all access | Secrets, credentials, private keys |
| Allow reads, block writes | Schemas, lock files, generated configs |
| Hide from AI context | Dependencies, build artifacts, noise |
Automatic .gitignore Support
Hashfile MCP automatically respects .gitignore files in your project:
Hierarchical: Walks up from target file to find all
.gitignorefilesStandard syntax: Supports standard
.gitignorepatterns (basename, directory, path)Combined with AGENTS.md: Patterns from both sources are merged
Zero config: Works out of the box with existing projects
Pattern conversion:
# .gitignore
*.log β **/*.log
node_modules/ β node_modules/**
build/output β build/outputPrecedence: AGENTS.md ignore patterns take precedence over .gitignore.
Example: Protect a Monorepo
---
forbidden:
- "**/secrets/**"
- "**/*.key"
- "**/*.pem"
- ".env*"
read_only:
- "**/package-lock.json"
- "**/Cargo.lock"
- "db/schema.sql"
ignore:
- "**/node_modules/**"
- "**/target/**"
- "**/.next/**"
- "**/*.generated.*"
---Hierarchical Control
Place AGENTS.md files at any level:
/project/AGENTS.md β Global rules
/project/backend/AGENTS.md β Backend-specific rules (overrides global)
/project/frontend/AGENTS.md β Frontend-specific rulesThe nearest AGENTS.md in the directory hierarchy applies.
Development
Run Tests
cargo testProject Structure
src/
βββ main.rs # MCP server setup
βββ tools.rs # Tool definitions (9 tools)
βββ hashline.rs # Hash-anchored editing logic
βββ filesystem.rs # Standard filesystem operations
βββ agents.rs # AGENTS.md frontmatter parsing
βββ config.rs # Configuration (future: tool enablement)
βββ roots.rs # Root path management (future)Technical Details
Language: Rust (edition 2021)
MCP SDK: rmcp 0.15.0
Line Hashing: FNV-1a (2 hex chars, 256 buckets)
File Hashing: FNV-1a (6 hex chars, 16M buckets)
Transport: stdio
Dependencies:
rmcp,serde,serde_json,serde_yaml,globset,anyhow,fnv
Roadmap
Environment variable-based tool enablement (
ENABLE_FILESYSTEM_TOOLS=true)Granular tool control (
ENABLE_LIST_DIRECTORY=true, etc.)Additional tools:
get_file_info,search_files,list_directory_with_sizesCommand-line argument support for configuration
License
See LICENSE file for details.
See Also
The Harness Problem - I Improved 15 LLMs at Coding in One Afternoon. Only the Harness Changed. - Can BΓΆlΓΌk Feb 2026
AGENTS.md Proposal - Frontmatter specification for agent access control
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mrorigo/hashfile-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server