A secure Model Context Protocol (MCP) server that provides filesystem operations with controlled access to specified directories.
- Directory access controlled via environment variables
- File operations within allowed directories only
- Thread-safe caching of allowed directories
- Proper handling of paths with spaces
go get github.com/gomcpgo/filesys
Set allowed directories using the environment variable:
export MCP_ALLOWED_DIRS="/path1,/path2,/path with spaces/dir3"
read_file
: Read single file contentsread_multiple_files
: Read multiple files simultaneously
write_file
: Create or overwrite files
create_directory
: Create new directorieslist_directory
: List directory contentslist_allowed_directories
: Show accessible directories
move_file
: Move or rename files and directoriesget_file_info
: Get file metadatasearch_files
: Search files recursively with pattern matching
Add to claude_desktop_config.json
:
{
"mcpServers": {
"filesystem": {
"command": "/path/to/filesys",
"env": {
"MCP_ALLOWED_DIRS": "/path1,/path2,/path with spaces/dir3"
}
}
}
}
{
"name": "read_file",
"arguments": {
"path": "/allowed/path/file.txt"
}
}
{
"name": "list_directory",
"arguments": {
"path": "/allowed/path"
}
}
- All operations restricted to allowed directories
- Path traversal prevention
- Permission validation before operations
- Proper error handling and logging
go build -o bin/filesys cmd/main.go
MIT License
Pull requests welcome. Please ensure:
- Tests pass
- New features include documentation
- Code follows project style