sand-mcp-fs
MCP Filesystem Server with Sandbox Security
A secure MCP (Model Context Protocol) filesystem server based on cap-std sandbox technology. All file operations are restricted to user-specified allowed directories, preventing unauthorized access to system files.
Features
- Sandbox Security - Based on cap-std capability-based security
- 8 File Tools - read, write, list, create, move, search, info, list allowed dirs
- File Size Limit - Prevent memory exhaustion from large files
- Symlink Support - Correctly handles symbolic links
- CLI Configuration - Easy command-line configuration
Installation
# Clone the repository
# Build and install
Usage
# Basic usage with default 50MB limit
# Custom file size limit (100MB)
# Multiple allowed directories
CLI Options
| Option | Default | Description |
|---|---|---|
| `--max-file-size` | 50MB | Maximum file size for read operations |
| `<directories>...` | (required) | Allowed directories |
MCP Tools
| Tool | Description |
|---|---|
| `read_file` | Read file contents (supports head/tail) |
| `write_file` | Write content to a file |
| `list_directory` | List directory contents |
| `create_directory` | Create a new directory |
| `get_file_info` | Get file/directory metadata |
| `move_file` | Move/rename files |
| `search_files` | Search files by glob pattern |
| `list_allowed_directories_tool` | List all allowed directories |
Security
- Path Canonicalization - All paths are resolved to absolute form
- Sandbox Boundary - Operations restricted to allowed directories
- Capability-based Access - Uses cap-std for all file operations
- File Size Limit - Prevents memory exhaustion attacks
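The canonicalize-then-check-boundary idea from the list above, as an added example using only the Rust standard library. It is not this project's code and does not use cap-std; `resolve_in_sandbox`, `build_sample` and the temp-directory layout are hypothetical names constructed for illustration.

```rust
use std::path::{Path, PathBuf};
use std::{env, fs, io};
/// Hypothetical helper (std only, not cap-std): resolve `requested` and
/// return it only if it lies inside one of the `allowed` directories.
pub fn resolve_in_sandbox(allowed: &[PathBuf], requested: &Path) -> io::Result<PathBuf> {
    // canonicalize() yields an absolute path with `..` and symlinks resolved.
    let resolved = match requested.canonicalize() {
        Ok(p) => p,
        // Not created yet (a write target): resolve the parent instead.
        Err(e) if e.kind() == io::ErrorKind::NotFound => {
            // An existing entry that fails to resolve is a dangling symlink.
            if requested.symlink_metadata().is_ok() {
                return Err(io::ErrorKind::PermissionDenied.into());
            }
            let name = requested.file_name().ok_or(io::ErrorKind::InvalidInput)?;
            let parent = requested.parent().filter(|p| !p.as_os_str().is_empty());
            parent.unwrap_or(Path::new(".")).canonicalize()?.join(name)
        }
        Err(e) => return Err(e),
    };
    // Component-wise prefix test: /data/app-old is not inside /data/app.
    for root in allowed.iter().filter_map(|r| r.canonicalize().ok()) {
        if resolved.starts_with(&root) {
            return Ok(resolved);
        }
    }
    Err(io::ErrorKind::PermissionDenied.into())
}

/// Constructed sample: allowed/notes.txt, sibling allowed-old/, secret.txt, link allowed/escape.
pub fn build_sample(tag: &str) -> io::Result<PathBuf> {
    let base = env::temp_dir().join(format!("sandbox-demo-{}-{}", std::process::id(), tag));
    let _ = fs::remove_dir_all(&base);
    for d in ["allowed", "allowed-old"] { fs::create_dir_all(base.join(d))?; }
    fs::write(base.join("allowed/notes.txt"), b"ok")?;
    fs::write(base.join("secret.txt"), b"no")?;
    #[cfg(unix)]
    std::os::unix::fs::symlink(&base, base.join("allowed/escape"))?;
    Ok(base)
}

fn main() -> io::Result<()> {
    let base = build_sample("main")?;
    let allowed = [base.join("allowed")];
    for rel in ["allowed/notes.txt", "allowed/new.txt", "allowed/../secret.txt", "allowed-old", "allowed/escape/secret.txt"] {
        println!("{:<28} -> {}", rel, resolve_in_sandbox(&allowed, &base.join(rel)).is_ok());
    }
    fs::remove_dir_all(base)
}
```

A check like this is a separate step from the later open, so a link swapped in between the two would not be caught. Opening relative to a directory handle, as cap-std does, closes that gap.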
Configuration for OpenCode
Add to ~/.config/opencode/opencode.json:
File Size Format
Supported suffixes:
- KB - Kilobytes (1024 bytes)
- MB - Megabytes (1024 * 1024 bytes)
- GB - Gigabytes (1024 * 1024 * 1024 bytes)
Examples:
License
Apache-2.0