MCPIgnore Filesytem
by
A data security-first filesystem MCP server that implements .mcpignore to prevent MCP clients from accessing sensitive data.
MCPIgnore Filesytem Overview
What is filesystem-mcpignore?
Filesystem-mcpignore is a Node.js server that extends the functionality of the standard Filesystem MCP Server. Its primary purpose is to enhance data security by allowing users to define which files and directories MCP (Model Context Protocol) clients can access using a .mcpignore file. This is particularly useful for preventing AI models or other MCP clients from inadvertently accessing sensitive information on your filesystem.
How to use filesystem-mcpignore?
To use filesystem-mcpignore, you need to configure your MCP client (e.g., Claude, Cline, Cursor) to use this server. The README provides examples of how to add the mcpignore-filesystem server to your client's configuration file (e.g., claude_desktop_config.json, cline_mcp_settings.json, mcp.json).
The core of its usage lies in creating .mcpignore files within the directories you specify as arguments when running the server. These .mcpignore files follow the same pattern matching rules as .gitignore, allowing you to specify files or directories to be ignored.
Example NPX Configuration:
{
"mcpServers": {
"mcpignore-filesystem": {
"command": "npx",
"args": [
"-y",
"@cyberhaven/mcpignore-filesystem",
"/Users/<username>/Desktop",
"/path/to/other/allowed/dir"
]
}
}
}
Key Features of filesystem-mcpignore
.mcpignoreSupport: Control MCP client access to your filesystem based on patterns defined in.mcpignorefiles.- File Operations: Supports reading, writing, and editing files.
- Directory Management: Allows creating, listing, and deleting directories.
- File/Directory Movement: Enables moving files and directories.
- File Search: Provides functionality to search for files.
- File Metadata: Ability to retrieve file metadata.
- Granular Control: Specific tool behaviors with ignore paths, blocking sensitive operations like
read_file,write_file, andcreate_directorywhile allowingdirectory_treeandsearch_filesfor file name retrieval only.
Use Cases of filesystem-mcpignore
- Protecting Sensitive Data: Prevent AI models or other MCP clients from accessing confidential documents, API keys, or personal information.
- Controlled Access for AI: Provide AI models with access only to the necessary data, reducing the risk of data leakage or misuse.
- Development Environments: Securely expose parts of your development environment to MCP clients without compromising sensitive project files.
- Compliance: Help maintain data privacy and security compliance by restricting data access.
FAQ about filesystem-mcpignore
Q: What is the purpose of .mcpignore?
A: The .mcpignore file is used to define patterns for files and directories that MCP clients should not be able to access. It acts as a security filter.
Q: Does .mcpignore work like .gitignore?
A: Yes, the .mcpignore file uses the same pattern matching rules as .gitignore, making it familiar and easy to configure for developers.
Q: Which MCP client tools are supported? A: The project explicitly mentions support for Claude, Cline, and Cursor, with configuration examples provided for each.
Q: Can I allow some tools to see file names but not their content?
A: Yes, tools like directory_tree and search_files are allowed to retrieve file names even for ignored paths, but they are blocked from accessing the actual file content or performing write operations.
Q: Where should I create the .mcpignore file?
A: You should create an .mcpignore file for each directory that you specify as an argument when running the mcpignore-filesystem server.
MCPIgnore Filesytem's README
Filesystem MCP Server with .mcpignore support
Protect your most sensitive data by using this data security first filesystem. This node.js server builds on top of Filesystem MCP Server and lets you control which files your MCP Client can access using .mcpignore file.
Features
- Control MCP client's access to your filesystem based on
.mcpignore - Read/write files
- Create/list/delete directories
- Move files/directories
- Search files
- Get file metadata
Note: Create an .mcpignore file for each direcoties specified via args
Configuring .mcpignore
The .mcpignore file uses the same patterns as .gitignore
Patterns Examples
# Ignore specific file `.env`
.env
# Ignore all files with a `.safetensor` extension
*.safetensors
# Ignore specific directory, 'assets/logos' and its files
assets/logos/
API
For details, refer to Filesystem MCP Server API Spec
Tool behavior with ignore paths
| Tool | Behavior |
|---|---|
| read_file | Block |
| read_multiple_files | Block |
| write_file | Block |
| edit_file | Block |
| create_directory | Block |
| list_directory | Block |
| directory_tree | Allow |
| move_file | Block |
| search_files | Allow |
| get_file_info | Block |
| list_allowed_directories | N/A |
Note: directory_tree and search_files are allowed only to retrieve the file names
Usage with MCP Clients
- Claude: Add this to your
claude_desktop_config.json - Cline: Add this to your
cline_mcp_settings.json - Cursor: Add this to your
mcp.json
Note: .mcpingore applies to the list of allowed directories that you provide as args
NPX
{
"mcpServers": {
"mcpignore-filesystem": {
"command": "npx",
"args": [
"-y",
"@cyberhaven/mcpignore-filesystem",
"/Users/<username>/Desktop",
"/path/to/other/allowed/dir"
]
}
}
}
License
This project is licensed under the MIT License. See LICENSE.
Contributing
See CONTRIBUTING.md for information on contributing to this repository.
Security
See SECURITY.md for information on security.
MCPIgnore Filesytem Reviews
Reviews feature coming soon
Stay tuned for community discussions and feedback
Actions
MCPIgnore Filesytem's Information
- Author
- CyberhavenInc
- Category
- Identity & Security
- Language
- JavaScript
- License
- MIT License
- Version
- v0.1.1
- Stars
- 1
- Updated
- about 1 month ago