MCP ACS Filesystem Manager
Advanced filesystem operations for AI agents with MCP integration and strict security boundaries. Part of the Digital Defiance AI Capabilities Suite.
Features
🚀 Advanced File Operations
- Batch Operations: Execute multiple file operations (copy, move, delete) atomically
- Directory Watching: Monitor directories for real-time file system changes
- File Search: Search by filename, content, or metadata with fast indexing
- Checksum Computation: Verify file integrity with MD5, SHA-1, SHA-256, SHA-512
- Disk Usage Analysis: Analyze directory sizes and identify large files
🔒 Security First
- Workspace Jail: All operations confined to workspace root
- 10-Layer Path Validation: Multiple security checks prevent path traversal
- Hardcoded Blocklists: System paths and sensitive files always blocked
- Rate Limiting: Prevents abuse with configurable operation limits
- Audit Logging: Complete operation tracking for forensics
🤖 AI Integration
- Copilot Chat Participant: Use
@filesystem in Copilot chat
- Language Model Tools: Direct AI agent access to filesystem operations
- MCP Protocol: Standard Model Context Protocol integration
- Security Boundaries: AI agents operate within strict, configurable limits
Installation
- Install from VS Code Marketplace
- Or install via command line:
code --install-extension DigitalDefiance.mcp-acs-filesystem
Quick Start
Using with Copilot
Ask Copilot to perform file operations:
@filesystem batch copy all *.ts files from src to backup
@filesystem search for files containing "TODO"
@filesystem compute sha256 checksum for package.json
@filesystem analyze disk usage in node_modules
@filesystem watch src directory for changes
Using Commands
- Ctrl+Shift+F Ctrl+Shift+S: Search files
- Ctrl+Shift+F Ctrl+Shift+B: Batch operations
- Or use Command Palette:
MCP Filesystem: ...
Configuration
Security Settings
{
"mcp-filesystem.security.workspaceRoot": "${workspaceFolder}",
"mcp-filesystem.security.allowedSubdirectories": [],
"mcp-filesystem.security.blockedPaths": [
".git",
".env",
"node_modules",
".ssh"
],
"mcp-filesystem.security.blockedPatterns": [
"*.key",
"*.pem",
"*.env",
"*secret*"
]
}
Resource Limits
{
"mcp-filesystem.resources.maxFileSize": 104857600,
"mcp-filesystem.resources.maxBatchSize": 1073741824,
"mcp-filesystem.resources.maxOperationsPerMinute": 100
}
Available Operations
Batch Operations
Execute multiple file operations atomically with automatic rollback on failure:
- Copy multiple files/directories
- Move multiple files/directories
- Delete multiple files/directories
Directory Watching
Monitor directories for changes with event filtering:
- Recursive watching
- Event type filtering (create, modify, delete, rename)
- Pattern-based filtering
File Search
Fast file search with multiple modes:
- Filename pattern matching
- Content search (full-text)
- Metadata filtering (size, date, type)
- Indexed search for large codebases
Checksum Operations
Verify file integrity:
- MD5, SHA-1, SHA-256, SHA-512 algorithms
- Batch checksum computation
- Checksum verification
Disk Usage Analysis
Analyze storage usage:
- Recursive directory size calculation
- Largest files/directories identification
- File type breakdown
- Available disk space queries
Security Boundaries
What AI Agents CANNOT Do
- ❌ Access files outside the workspace root
- ❌ Access system directories (/etc, /sys, C:\Windows, etc.)
- ❌ Access SSH keys, AWS credentials, or other sensitive files
- ❌ Create symlinks pointing outside the workspace
- ❌ Bypass rate limits
- ❌ Disable audit logging
- ❌ Modify the workspace root
What AI Agents CAN Do (Within Workspace)
- ✅ Read, write, and delete files
- ✅ Create and navigate directories
- ✅ Search for files by name or content
- ✅ Watch directories for changes
- ✅ Compute checksums
- ✅ Create symlinks (within workspace)
- ✅ Batch operations
- ✅ Sync directories
MCP Server Configuration
The extension automatically configures the MCP server for Copilot integration. To manually add to your workspace:
- Run command:
MCP Filesystem: Add to Copilot MCP Servers
- Or manually add to
.vscode/mcp.json:
{
"servers": {
"mcp-filesystem": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@ai-capabilities-suite/mcp-filesystem"]
}
}
}
Examples
Batch Copy Files
// Ask Copilot:
@filesystem batch copy all TypeScript files from src to backup
// Or use the MCP tool directly:
{
"operations": [
{ "type": "copy", "source": "src/file1.ts", "destination": "backup/file1.ts" },
{ "type": "copy", "source": "src/file2.ts", "destination": "backup/file2.ts" }
],
"atomic": true
}
Watch Directory
// Ask Copilot:
@filesystem watch src directory recursively for TypeScript files
// Or use the MCP tool:
{
"path": "src",
"recursive": true,
"filters": ["*.ts", "*.tsx"]
}
Search Files
// Ask Copilot:
@filesystem search for files containing "TODO" in src directory
// Or use the MCP tool:
{
"query": "TODO",
"searchType": "content",
"fileTypes": [".ts", ".tsx", ".js"]
}
Troubleshooting
Server Not Starting
- Check output panel:
View > Output > MCP Filesystem Manager
- Verify Node.js is installed:
node --version
- Check server path in settings
- Try restarting VS Code
Permission Errors
- Verify workspace root is accessible
- Check blocked paths configuration
- Review audit log for security violations
- Ensure files are within workspace boundaries
- Reduce
maxOperationsPerMinute for rate limiting
- Use indexed search for large codebases
- Limit directory watching depth
- Check disk space and file sizes
Support
License
MIT License - see LICENSE file for details.
Part of AI Capabilities Suite
This extension is part of the Digital Defiance AI Capabilities Suite, which includes:
- MCP Process Manager: Process management with security boundaries
- MCP Screenshot: Cross-platform screenshot capture
- MCP Debugger: Advanced debugging capabilities
- MCP Filesystem Manager: Advanced file operations (this extension)
Visit Digital Defiance for more information.
