← mcp directory● official

MCP server · Anthropic

Filesystem.

The first MCP server most people install. A bounded view of the filesystem the model can actually read, edit, and search, without files being pasted into chat.

$ claude mcp add filesystem -- npx -y @modelcontextprotocol/server-filesystem ~/Code

If you only run one MCP server, run this one. The Filesystem server gives the model a real, scoped view of a directory on your machine: read files, write files, list directories, glob, and search content. Everything you would otherwise be copy-pasting into the chat box.

The interesting thing about Filesystem is not that it lets the model touch files. It is that it does so safely: the server is bound to a single root directory at startup, and nothing outside that root is reachable. You can hand a model your ~/Code/some-project and trust that it physically cannot cat ~/.ssh/id_rsa.

§01What it actually does

The server exposes a small, well-chosen set of tools:

  • read_file returns a file's contents as text or as a base64 image.
  • write_file creates or overwrites a file at a path.
  • edit_file applies a list of string-replace edits in a single call, which is cheaper than rewriting the whole file.
  • list_directory is ls, basically.
  • search_files pattern-matches filenames recursively.
  • get_file_info returns size, type, and mtime, which is the metadata you would otherwise burn a tool call to derive.

There is no delete_file. That is intentional. Deletion is asymmetric in cost, so it is left to the human or to a more capable shell tool that the user has explicitly chosen to expose.

§02When to reach for it

Filesystem is the right tool when the conversation is going to involve more than two or three files at once and you do not want to keep narrating which file is which. The kinds of prompts that become routine: "read the components in src/ui/ and tell me which ones share state," "find every useEffect with an empty dependency array in this repo," "add a header comment to all files in scripts/ matching this template," "open vite.config.ts, then read the three plugins it imports, then summarize what each one does."

§03Setup

If you are on Claude Code, the mcp add command writes the right config for you:

# scope to a single project directory
claude mcp add filesystem -- npx -y \
  @modelcontextprotocol/server-filesystem \
  ~/Code/your-project

# verify it registered
claude mcp list

If you are configuring Claude Desktop or another client manually, the JSON looks like:

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "/Users/you/Code/your-project"
      ]
    }
  }
}

You can pass multiple roots if you want a wider view, but resist that urge. Narrower roots produce better answers, because the search space stays small and the model is not tempted to wander.

◆ pull quote

Treat the root directory like a permission, not a convenience. Every directory above the root is a directory the model is physically prevented from leaking.

§04Caveats and footguns

  • Pointing it at ~ is the obvious mistake. The temptation is real because the breadth feels useful for a moment; the cost is your home directory in someone's training data on a bad day.
  • Pair it with version control. The model will overwrite a file you cared about, and git diff is the seatbelt that catches it.
  • Symlinks are followed. If the sandbox root contains a symlink that escapes the root, that is outside the root. Audit accordingly.
  • Performance dies on huge repos. The server is fine for project-sized work but slow on multi-GB monorepos. A code-search MCP server is a better fit there.