{"id":"marcusjellinghaus-mcp-workspace","name":"mcp-workspace","homepage":null,"repo_url":"https://github.com/MarcusJellinghaus/mcp-workspace","category":"devtools","subcategories":[],"tags":["mcp","filesystem","claude-desktop","file-operations","local-dev","code-assistants","sandbox"],"what_it_does":"mcp-workspace (MCP Workspace Server) is an MCP server that exposes file-system operations—scoped to a specified project directory—for AI assistants. It supports listing, reading, writing (atomic save/append), editing (exact-string matching), deleting, moving/renaming, and provides additional read-only “reference projects” for browsing extra codebases/directories.","use_cases":["Let an MCP-capable coding assistant inspect and modify a local project within a sandboxed directory","Generate and update code files using deterministic edit operations","Browse supplementary documentation or example repositories via read-only reference projects","Perform controlled file operations (create/overwrite, append, delete, move/rename) from an AI agent","Reduce manual context switching by giving an assistant direct access to project files"],"not_for":["Serving as a public, unauthenticated remote file server","Use where users cannot fully control the project directory path passed at startup","High-safety environments that require auditable human approval for every write/delete action","Operations requiring fine-grained per-user authentication/authorization"],"best_when":"Used locally (e.g., Claude Desktop MCP) or in a trusted environment where the project directory is known and access is constrained to that directory.","avoid_when":"Avoid running it as a network-exposed service to untrusted users, or using it without strong host-level isolation, because it can perform powerful write/delete/move operations.","alternatives":["OpenAI/Claude built-in codebase tools (where available) that don’t expose raw filesystem write APIs","Custom sandboxed file-operation services with explicit authorization (RBAC) and per-operation approvals","Agent frameworks that implement structured patch application without direct arbitrary filesystem access"],"af_score":71.2,"security_score":48.8,"reliability_score":33.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:24:19.350450+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No user-facing auth mechanism is described in the provided README/manifest. Security model appears to rely on local execution + path restriction via --project-dir and read-only enforcement for reference projects."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source (MIT) package; costs depend on your hosting/usage of the MCP client (e.g., Claude Desktop) rather than an API billing model."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":71.2,"security_score":48.8,"reliability_score":33.8,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":80.0,"error_message_notes":"README describes simplified error strings for security violations and common failures (e.g., File not found, Permission denied, Invalid path). Detailed error schema/codes for all tools aren’t fully visible in the provided excerpt.","auth_complexity":95.0,"rate_limit_clarity":10.0,"tls_enforcement":30.0,"auth_strength":30.0,"scope_granularity":75.0,"dependency_hygiene":55.0,"secret_handling":60.0,"security_notes":"Strongest described control is directory scoping via --project-dir with path validation to prevent traversal, plus gitignore filtering and read-only reference projects. No explicit authentication/authorization is described (likely relies on local/trusted usage). Writes include atomic save and append/edit/move/delete, so compromise of the MCP client/agent could cause damaging filesystem changes. TLS/auth/rate limiting for remote exposure are not addressed in the provided materials.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":35.0,"error_recovery":55.0,"idempotency_support":"false","idempotency_notes":"Read operations are naturally idempotent. Write/delete/move operations are not guaranteed idempotent overall (e.g., delete is irreversible; save_file overwrites; append_file changes state repeatedly). Some tools mention already-applied detection for edit_file no-ops.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["save_file overwrites; append_file requires the file to already exist","edit_file uses exact string matching (case/whitespace sensitive) and replaces only the first occurrence per old_text","delete_this_file is irreversible","move_file may fail if destination exists or for security-invalid paths","Reference projects are read-only; tools that modify files should not be used against them"]}}