Filesystem Mcpignore
by
Enforces .mcpignore patterns to restrict MCP client file system access while providing full read/write and directory operations.
Filesystem Mcpignore Overview
What is Filesystem Mcpignore about?
Filesystem Mcpignore adds .mcpignore support to the Model Context Protocol (MCP) filesystem server, allowing you to define ignore patterns (same syntax as .gitignore) that control which files and directories an MCP client can read, write, or manipulate.
How to use Filesystem Mcpignore?
- Create .mcpignore files in each allowed directory and list patterns to hide files or sub‑folders.
- Add the server to your MCP client configuration (Claude, Cline, Cursor, etc.) by referencing the server name
mcpignore-filesystem. - Run the server via NPX:
{
"mcpServers": {
"mcpignore-filesystem": {
"command": "npx",
"args": ["-y", "@cyberhaven/mcpignore-filesystem", "/path/to/allowed/dir1", "/path/to/allowed/dir2"]
}
}
}
- The server will read the supplied directories, apply .mcpignore rules, and expose the permitted API endpoints.
Key features of Filesystem Mcpignore
- Pattern‑based access control using .gitignore‑style syntax.
- Full file operations: read, write, edit, create, delete, move, and metadata retrieval.
- Directory management: create, list, delete, and tree view.
- Search capability (allowed) for discovering file names while respecting ignore rules.
- Compatibility with existing MCP filesystem API spec.
- Simple NPX‑based deployment, no manual build steps.
Use cases of Filesystem Mcpignore
- Secure code‑generation pipelines where LLMs need read/write access to a project but must not see secrets like
.envor proprietary assets. - Data‑sensitive research environments that expose only sanitized datasets to generative agents.
- Multi‑tenant development sandboxes where each tenant’s allowed directories are isolated by ignore rules.
- Compliance‑driven workflows ensuring that regulated files are never exposed to AI assistants.
FAQ from the Filesystem Mcpignore
Q: Can I still list a directory that contains ignored files?
A: Yes. list_directory is blocked for ignored paths, but directory_tree and search_files are allowed to return names of non‑ignored files.
Q: How do ignore patterns propagate to sub‑directories?
A: Each directory can have its own .mcpignore. Patterns are applied relative to the directory containing the file.
Q: What happens if a client tries to write to an ignored file? A: The operation is blocked and the client receives an access‑denied error.
Q: Do I need to install any additional dependencies?
A: No. The server runs directly with npx and pulls the @cyberhaven/mcpignore-filesystem package from npm.
Q: Is the server compatible with other MCP servers? A: It builds on the official Model Context Protocol filesystem server, so it can replace or sit alongside other MCP filesystem implementations.
Filesystem Mcpignore's README
Filesystem MCP Server with .mcpignore support
Protect your most sensitive data by using this data security first filesystem. This node.js server builds on top of Filesystem MCP Server and lets you control which files your MCP Client can access using .mcpignore file.
Features
- Control MCP client's access to your filesystem based on
.mcpignore - Read/write files
- Create/list/delete directories
- Move files/directories
- Search files
- Get file metadata
Note: Create an .mcpignore file for each direcoties specified via args
Configuring .mcpignore
The .mcpignore file uses the same patterns as .gitignore
Patterns Examples
# Ignore specific file `.env`
.env
# Ignore all files with a `.safetensor` extension
*.safetensors
# Ignore specific directory, 'assets/logos' and its files
assets/logos/
API
For details, refer to Filesystem MCP Server API Spec
Tool behavior with ignore paths
| Tool | Behavior |
|---|---|
| read_file | Block |
| read_multiple_files | Block |
| write_file | Block |
| edit_file | Block |
| create_directory | Block |
| list_directory | Block |
| directory_tree | Allow |
| move_file | Block |
| search_files | Allow |
| get_file_info | Block |
| list_allowed_directories | N/A |
Note: directory_tree and search_files are allowed only to retrieve the file names
Usage with MCP Clients
- Claude: Add this to your
claude_desktop_config.json - Cline: Add this to your
cline_mcp_settings.json - Cursor: Add this to your
mcp.json
Note: .mcpingore applies to the list of allowed directories that you provide as args
NPX
{
"mcpServers": {
"mcpignore-filesystem": {
"command": "npx",
"args": [
"-y",
"@cyberhaven/mcpignore-filesystem",
"/Users/<username>/Desktop",
"/path/to/other/allowed/dir"
]
}
}
}
License
This project is licensed under the MIT License. See LICENSE.
Contributing
See CONTRIBUTING.md for information on contributing to this repository.
Security
See SECURITY.md for information on security.
Filesystem Mcpignore Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
Filesystem Mcpignore's Information
- Author
- CyberhavenInc
- Category
- Security
- Language
- JavaScript
- License
- MIT License
- Version
- v0.1.1
- Stars
- 2
- Updated
- 2 months ago
Configuration
{
"mcpServers": {
"mcpignore-filesystem": {
"command": "npx",
"args": [
"-y",
"@cyberhaven/mcpignore-filesystem",
"/path/to/allowed/dir1",
"/path/to/allowed/dir2"
]
}
}
}Claude Code (Terminal)
claude mcp add mcpignore-filesystem npx -y @cyberhaven/mcpignore-filesystem /path/to/allowed/dir1 /path/to/allowed/dir2Configure Clients
Similar MCP Servers like Filesystem Mcpignore
Explore related MCPs that share similar capabilities and solve comparable challenges
SafeLine
by chaitin
A self‑hosted web application firewall and reverse proxy that protects web applications from attacks and exploits by filtering, monitoring, and blocking malicious HTTP/S traffic.
SafeDep Vet
by safedep
Provides enterprise‑grade open source software supply chain security by scanning source code, dependencies, containers and SBOMs, detecting vulnerabilities and malicious packages, and enforcing policy as code.
Semgrep MCP Server
by semgrep
Offers an MCP server that lets LLMs, agents, and IDEs run Semgrep scans to detect security vulnerabilities in source code.
Burp MCP Server
by PortSwigger
Enables Burp Suite to communicate with AI clients via the Model Context Protocol, providing an MCP server and bundled stdio proxy.
Cycode CLI
by cycodehq
Boost security in the development lifecycle via SAST, SCA, secrets, and IaC scanning.
Bugsy
by mobb-dev
Provides automatic security vulnerability remediation for code via a command‑line interface and an MCP server, leveraging findings from popular SAST tools such as Checkmarx, CodeQL, Fortify, and Snyk.
Keycloak MCP Server
by ChristophEnglisch
Provides AI‑powered administration of Keycloak users and realms through the Model Context Protocol, enabling automated creation, deletion, and listing of users and realms from MCP clients such as Claude Desktop.
OpenCTI MCP Server
by Spathodea-Network
Provides a Model Context Protocol server that enables querying and retrieving threat intelligence data from OpenCTI through a standardized interface.
Authenticator App MCP Server
Officialby firstorderai
Provides seamless access to two‑factor authentication codes and passwords for AI agents, enabling automated login while maintaining security.