filesystem-mcp
The Filesystem MCP Server enables secure and efficient filesystem operations for AI agents within a defined root directory. Key capabilities include:
π Explore & Inspect: List files/directories (recursively with optional stats), get detailed status for multiple items
π Read & Write: Read from multiple files, write/append content with automatic directory creation
ποΈ Manage Files/Directories: Create directories with intermediate paths, delete multiple files/directories
βοΈ Move & Copy: Move/rename or copy multiple files/directories
π Control Permissions: Change POSIX permissions (chmod) and ownership (chown) for multiple items
π Search & Replace: Search using regex with glob filtering, replace content across multiple files
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@filesystem-mcpread the contents of my notes.txt file"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Filesystem MCP
Your agent touched the repo. Did it stay in the project?
Secure, token-optimized filesystem operations for AI agents β batch reads, surgical edits, and project-root confinement without shell spawn overhead.
Batch operations Β· Project root safety Β· Zod validation Β· 13 MCP tools Β· Docker-ready
β Star this repo if agents should read and edit your codebase safely β not spawn shells per file. Β· Quick start Β· See it work Β· Why not shell commands? Β· Roadmap
The problem
Agents need filesystem access to read code, apply edits, and search across a repo. The default path is shell commands β one spawn per operation, no batching, stderr parsing, and paths that can wander outside the project.
That costs tokens, adds latency, and turns every file touch into a trust exercise.
Filesystem MCP is built for the moment your agent needs fast, bounded, batch-friendly file operations β confined to the project root.
Related MCP server: image-reader MCP Server
Why not shell commands?
Shell commands per file | Filesystem MCP |
One operation per spawn | Batch 10+ files in one MCP call |
Full shell access | Confined to server |
stderr parsing | Per-item success/failure in structured JSON |
High token round trips | Fewer hostβserver calls |
Path traversal risk | Relative paths only; traversal blocked |
No schema | Zod-validated arguments on every tool |
Full benchmark contract: docs/benchmark.md.
See it work
Configure once. Read many files in one call.
claude mcp add filesystem -- npx @sylphx/filesystem-mcp{
"paths": ["src/index.ts", "package.json", "README.md"]
}read_content returns per-file results in one response:
{
"results": [
{ "path": "src/index.ts", "content": "...", "success": true },
{ "path": "package.json", "content": "...", "success": true },
{ "path": "README.md", "content": "...", "success": true }
]
}Important: launch the MCP server with cwd set to your project root. All paths are relative
to that directory.
Why agents use it
Need | What you get |
Read multiple files |
|
Write or append |
|
Surgical edits |
|
Search the tree |
|
Refactor across files |
|
Explore structure |
|
Move/copy/delete |
|
Permissions |
|
Inspect metadata |
|
Quick Start
Claude Code
claude mcp add filesystem -- npx @sylphx/filesystem-mcpRun from your project directory so cwd is the repo root.
Claude Desktop / any MCP host
{
"mcpServers": {
"filesystem-mcp": {
"command": "npx",
"args": ["@sylphx/filesystem-mcp"]
}
}
}Set the host's working directory to your project root.
Docker
{
"mcpServers": {
"filesystem-mcp": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/path/to/your/project:/app",
"sylphx/filesystem-mcp:latest"
]
}
}
}Local development
git clone https://github.com/SylphxAI/filesystem-mcp.git
cd filesystem-mcp
bun install
bun run build
bun run testMCP Tool Surface
Tool | Use it when the agent needs to... |
| Read one or more files (optional line ranges) |
| Write or append to files |
| Apply structured diffs across files |
| Regex search with context lines |
| Multi-file search and replace |
| List a directory tree (optional stats) |
| Get detailed file/directory metadata |
| Create directories (with parents) |
| Remove files or directories |
| Move or rename items |
| Copy files or directories |
| Change POSIX permissions |
| Change ownership |
Release proof
Claims are backed by CI benchmark:release-gate, safety fixture corpus, and the shipped-path matrix (Rust-default primary tools).
bun run benchmark:release-gateArtifact: benchmark-artifacts/filesystem_release_gate.json β must report status: passed before release.
Performance benchmarks
Reproduce local throughput on the shipped Rust CLI path:
bunx vitest bench __tests__/benchmarks/throughput.bench.ts --runSee docs/benchmark.md for scenarios, design goals, and how to interpret results.
Security model
All operations confined to the server
cwdat launch.Absolute paths rejected; path traversal blocked.
Zod schemas validate every tool argument.
Batch tools return per-item status β one failure does not hide the rest.
Documentation
Topic | Link |
Docs site | |
Introduction | |
Benchmarks |
Development
bun run validate # lint + typecheck + test
bun run docs:build # VitePress + API docs
bun run benchmark # vitest benchSupport
Help this reach more builders
If shell-per-file agent workflows have burned your tokens or your trust in path safety, this project is for you.
β Star the repo β it helps more agent builders find secure, batch-friendly filesystem access.
Discovery (in progress)
Channel | Status |
Listed β claim server for full discoverability | |
Not listed yet | |
Not listed yet β directory submission | |
Not listed yet β free web-form submission |
Know another MCP directory? Open an issue with the link.
License
MIT Β© Sylphx
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SylphxAI/filesystem-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server