A secure, sandboxed MCP (Model Context Protocol) server that provides Void Editor with safe filesystem access. Enable your AI to create, read, modify, and delete files within your projectβall with comprehensive security controls.
β
File Operations - Create, read, write, delete, and move files
β
Directory Management - Create and list directories
β
Search Capability - Find text across multiple files
β
Security Sandboxing - Restricted paths, blocked extensions, size limits
β
Easy Setup - Simple configuration with JSON
β
Error Handling - Clear feedback on operations
- Python 3.10 or higher
- Void Editor
pip(Python package manager)
- Clone the repository
git clone https://github.com/yourusername/void-mcp-filesystem-server.git
cd void-mcp-filesystem-server- Create a virtual environment
python3 -m venv .venv
source .venv/bin/activate # On macOS/Linux
# or on Windows:
# .venv\Scripts\activate- Install dependencies
pip install -r requirements.txt- Create configuration file (optional)
cp mcp_config.example.json mcp_config.json
# Edit mcp_config.json with your settings- Open Void Editor
- Go to Settings/Preferences
- Find the MCP Configuration section
- Add your server:
- Command:
/path/to/.venv/bin/python3 - Args:
["/full/path/to/mcp_server.py"] - Working Directory: Your project root
- Command:
Create or edit the MCP servers config file:
macOS/Linux: ~/.config/void/mcp_servers.json
Windows: %APPDATA%\void\mcp_servers.json
{
"mcpServers": {
"filesystem": {
"command": "/absolute/path/to/.venv/bin/python3",
"args": ["/absolute/path/to/mcp_server.py"],
"cwd": "/your/project/directory"
}
}
}Important: Use absolute paths for both the Python executable and script.
In Void's settings, find the prompt/instructions section and add:
You have access to filesystem tools via the MCP (Model Context Protocol) server. Use them to create, read, modify, and delete files as requested by the user.
Available tools:
- read_file(path: str) - Read file contents
- write_file(path: str, content: str) - Write or overwrite a file
- create_file(path: str, content: str = "") - Create a new file (fails if exists)
- edit_file(file_path: str, old_string: str, new_string: str, replace_all: bool = False) - Precisely edit file by replacing exact text
- delete_file(path: str) - Delete a file
- list_directory(path: str = ".") - List directory contents
- create_directory(path: str) - Create a directory
- move_file(source: str, destination: str) - Move or rename a file
- search_in_files(search_term: str, directory: str = ".", file_pattern: str = "*.py") - Search for text in files
When calling these tools, use the exact function name and parameters. Paths can be relative or absolute (if within project). Always use forward slashes (/) in paths.
Examples:
- Create: create_file("src/utils.py", "def helper():\n pass")
- Read: read_file("src/main.py")
- Edit: edit_file("config.py", "DEBUG = True", "DEBUG = False")
- Modify: For complete rewrites, use read_file() then write_file()
- Search: search_in_files("TODO", "src", "*.py")
Once configured, ask your AI to perform file operations:
- "Create a new Python file at
src/handlers.pywith basic structure" - "Read
config.jsonand explain its structure" - "In
main.py, change the DEBUG variable from True to False" - "Add a docstring to the calculate function in utils.py"
- "Search for all TODO comments in the codebase"
- "Create a
tests/directory and add a test file"
Edit mcp_config.json to customize security settings:
{
"allowed_root": "/absolute/path/to/your/project",
"additional_blocked": [
"secrets",
"credentials"
],
"additional_extensions": [
".vue",
".svelte"
],
"max_file_size_mb": 10
}allowed_root- Project directory where operations are restricted (default: current directory)additional_blocked- Extra patterns to block (beyond defaults like .git, .env, .ssh)additional_extensions- Additional file extensions to allowmax_file_size_mb- Maximum file size in megabytes (default: 10)
The server implements multiple layers of protection:
- All operations confined to
allowed_rootdirectory - No directory traversal attacks (
../../../etc/passwdblocked) - Uses
Path.resolve()for absolute path validation
- Blocks sensitive files:
.env,.key,.pem,id_rsa, etc. - Blocks directories:
.git,.ssh,node_modules,__pycache__ - Only allows specific text file extensions
- Default 10MB file size limit
- Prevents memory issues from large file operations
- No subprocess or shell command execution
- Safe even if AI behaves unexpectedly
Run the included test suite to verify all functionality:
- Create a test directory:
mkdir test_workspace && cd test_workspace - Configure MCP to use this directory
- Follow the test cases in TEST_CASES.md
Each test verifies a specific tool and includes security tests.
# Check Python version
python3 --version # Must be 3.10+
# Check mcp is installed
pip list | grep mcp
# Try running manually
python3 mcp_server.py- Verify paths in MCP config are absolute
- Check Python interpreter path is correct
- Ensure working directory exists
- Check Void's developer console for errors
- Verify system prompt was added to Void settings
- Check that MCP server appears connected (look for tool icon)
- Try restarting Void
- Confirm model supports tool use (Claude, GPT-4, Command-R+ work best)
cwd setting in mcp.json. This is a bug in Void's MCP channel implementation (see Void GitHub Issue).
Workaround: Place your project inside Void's installation directory:
# Move your project to Void's directory
mv /your/project/path /home/edible/Tools/Void/your_projectThen update mcp_config.json:
{
"allowed_root": "/home/edible/Tools/Void/your_project"
}Note: This is a temporary workaround. The proper fix requires changes to Void's MCP implementation to respect the configured cwd.
- Check file/directory is within
allowed_root - Verify file extension is in allowed list
- Check if path contains blocked patterns (.git, .env, etc.)
- Review
mcp_config.jsonsettings
In mcp_server.py, the system prompt is automatically provided via the @mcp.prompt() decorator. Modify this function to customize tool instructions for your use case.
Add new tools by creating functions with the @mcp.tool() decorator:
@mcp.tool()
def count_lines(path: str) -> str:
"""Count lines in a file"""
with open(path) as f:
return str(len(f.readlines()))Expose read-only data via @mcp.resource():
@mcp.resource("custom://data")
def get_custom_data() -> str:
"""Provide custom context data"""
return "Custom data here"- No symbolic link support
- No binary file operations
- No arbitrary command execution (intentional for security)
- 10MB file size limit (configurable)
- Operations slower than native filesystem access (network overhead)
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
Before submitting PRs:
- Run all test cases in
TEST_CASES.md - Test security constraints (path traversal, blocked extensions)
- Verify error messages are clear
- Check that operations work with different LLM models
This project is licensed under the MIT License - see LICENSE file for details.
- Built for Void Editor
- Uses Model Context Protocol (MCP)
- Inspired by Anthropic's MCP examples
- π Void Editor Documentation
- π MCP Documentation
- π Report Issues
- Backup/undo functionality
- Operation logging and audit trails
- Rate limiting
- Dry-run mode for previewing changes
- Git integration (auto-commit after changes)
- Multi-user support