MCP ConfigsApr 7, 2026·2 min read

Filesystem MCP — Local File Access for AI Agents

Official MCP server that gives AI agents safe, scoped access to your local filesystem. Read, write, search, and manage files and directories with configurable permissions. 4,000+ stars.

MC
MCP Hub · Community
Quick Use

Use it first, then decide how deep to go

This block should tell both the user and the agent what to copy, install, and apply first.

Add to your .mcp.json:

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/you/projects"]
    }
  }
}

The last argument is the root directory — the agent can only access files within it. Restart Claude Code.

Intro

Filesystem MCP is the official Model Context Protocol server for local file access with 4,000+ GitHub stars. It gives AI agents like Claude Code safe, scoped access to read, write, search, and manage files within a specified root directory. The agent cannot escape the root — it is sandboxed by design. Best for workflows where agents need to manage files outside the current project directory, like config files, data directories, or multi-repo setups. Works with: Claude Code, Cursor, any MCP client. Setup time: under 1 minute.

Available Tools

read_file

"Read the contents of ~/projects/shared/config.yaml"

write_file

"Save this JSON data to ~/projects/data/output.json"

list_directory

"Show all files in ~/projects/backend/src/"

search_files

"Find all .env files under ~/projects/"
"Search for files containing 'DATABASE_URL'"

create_directory

"Create a new directory ~/projects/backups/2026-04-07"

move_file

"Rename old-config.yaml to config.yaml.bak"

get_file_info

"Show the size and modification date of package.json"

Security Model

Scoped Root

The agent can ONLY access files under the specified root:

"args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/you/projects"]
  • Access /Users/you/projects/app/src/ — allowed
  • Access /Users/you/.ssh/ — blocked
  • Access /etc/passwd — blocked

Multiple Roots

Allow access to multiple directories:

"args": ["-y", "@modelcontextprotocol/server-filesystem",
         "/Users/you/projects", "/Users/you/documents"]

Read-Only Mode

For safety, restrict to read-only:

"args": ["-y", "@modelcontextprotocol/server-filesystem", "--read-only", "/path"]

Key Stats

  • 4,000+ GitHub stars
  • Official MCP server
  • Sandboxed root directory
  • Read, write, search, move
  • Read-only mode available

FAQ

Q: What is Filesystem MCP? A: The official MCP server for local file access, giving AI agents scoped read/write access to files within a specified root directory.

Q: Is it safe? A: Yes, the agent cannot access files outside the specified root directory. Use read-only mode for extra safety.

Q: How is this different from Claude Code's built-in file access? A: Claude Code accesses the current project directory. Filesystem MCP lets you grant access to additional directories outside the project.

🙏

Source & Thanks

Part of MCP Servers. Licensed under MIT.

server-filesystem — stars 4,000+

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

Upstash MCP — Serverless Redis & Kafka for AI Agents

MCP server for Upstash serverless Redis and Kafka. Give AI agents access to caching, rate limiting, pub/sub, and message queues with zero infrastructure. Pay-per-request pricing. 2,000+ stars.

MCP Hub
Home🔍Search👤Me