{"id":"iceener-files-stdio-mcp-server","name":"files-stdio-mcp-server","homepage":null,"repo_url":"https://github.com/iceener/files-stdio-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","filesystem","sandbox","agent-tools","safe-editing","stdio"],"what_it_does":"Provides a Model Context Protocol (MCP) stdio server that exposes sandboxed, mount-scoped filesystem tools for an AI agent to explore directories, read files (with checksums), search by name/content, and safely edit files using checksum verification, unified diffs, and optional dry-run previews; also supports basic structural operations (rename/move/copy/mkdir/delete/stat) within configured roots.","use_cases":["Agent-assisted editing of text files (e.g., markdown, notes, documentation)","Browsing and searching within a knowledge base or vault without exposing arbitrary filesystem access","Safe, checksum-based updates with diff previews before applying changes","Structuring content: creating/moving/renaming files and folders under allowed roots"],"not_for":["Non-text/binary file management (not the focus; includes MAX_FILE_SIZE and text-oriented read/write design)","High-integrity production file editing without human review (it helps, but is still an agent filesystem tool)","Access to arbitrary system paths outside configured FS_ROOTS/FS_ROOT"],"best_when":"You want an MCP-enabled agent to work inside a narrow filesystem sandbox (e.g., a docs vault) with safety checks (checksum + dry-run + diffs).","avoid_when":"You cannot constrain mounts/roots appropriately, or you require strong enterprise security/compliance features beyond local sandboxing.","alternatives":["Other MCP filesystem servers (if available) with different sandboxing/safety models","Local-only scripting/tooling (e.g., custom agent functions calling a vetted CLI) for file operations","Git-based workflows (PR/patch generation + review) instead of direct filesystem writes"],"af_score":74.0,"security_score":56.0,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:55:16.641516+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No user authentication mechanism is described; access is controlled by local sandbox configuration (FS_ROOTS/FS_ROOT). Security relies on mount restrictions rather than auth/identity."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source style package; pricing not described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":74.0,"security_score":56.0,"reliability_score":27.5,"mcp_server_quality":85.0,"documentation_accuracy":80.0,"error_message_quality":null,"error_message_notes":"fs_write output specifies error.code/message/recoveryHint; fs_search output includes error.code/message; general troubleshooting table provided. No explicit rate-limit/error code taxonomy shown beyond a few examples.","auth_complexity":95.0,"rate_limit_clarity":10.0,"tls_enforcement":50.0,"auth_strength":20.0,"scope_granularity":90.0,"dependency_hygiene":60.0,"secret_handling":70.0,"security_notes":"Security is primarily sandbox/mount based (FS_ROOTS/FS_ROOT), with strong safeguards for write safety (checksum verification, dry-run diff previews, and explicit guidance to re-read on checksum mismatch). No authentication/authorization model is described; if the MCP server is reachable by an untrusted agent, filesystem access would be governed only by the configured mounts. TLS is not applicable in stdio transport, so the score is moderate. Dependency hygiene is inferred from typical package usage; exact CVE status is not provided.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":0.0,"error_recovery":70.0,"idempotency_support":"false","idempotency_notes":"Checksum-based updates reduce conflicting overwrites, but operations are not explicitly idempotent (e.g., replace/insert operations can change state on repeated calls).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Must use relative paths within mounts; absolute paths should be rejected by the sandbox.","To apply edits safely, agents should read first and use fs_write with the latest checksum; checksum mismatch requires re-reading.","Deletion is limited (single file or empty directory only); recursive delete is intentionally not supported for safety.","Dry-run should be used to preview diffs for destructive/meaningful changes."]}}