Skip to content

feat(filesystem): add --ignore-write option to block writes to sensit…#1901

Open
SOURABHMISHRA5221 wants to merge 15 commits intomodelcontextprotocol:mainfrom
SOURABHMISHRA5221:feat/filesystem-ignore-write
Open

feat(filesystem): add --ignore-write option to block writes to sensit…#1901
SOURABHMISHRA5221 wants to merge 15 commits intomodelcontextprotocol:mainfrom
SOURABHMISHRA5221:feat/filesystem-ignore-write

Conversation

@SOURABHMISHRA5221
Copy link

@SOURABHMISHRA5221 SOURABHMISHRA5221 commented May 24, 2025
edited
Loading

Title:
feat(filesystem): add --ignore-write option to block writes to sensitive files (#1869)

Description:
This PR addresses issue #1869 by adding a flexible mechanism to prevent accidental overwrites of sensitive files (such as .env) in the Filesystem MCP server.

Summary of changes:

  • Added a --ignore-write <pattern1> <pattern2> ... command-line argument to the filesystem server.
  • The server now blocks write operations to any file matching the provided patterns (supports globs like .env, .env.*, *.secret, etc.), even if the file is within an allowed directory.
  • Updated the README.md to document the new option and provide usage examples.
  • Improved security and user control over which files are protected from write operations.

Motivation:
Previously, the server could overwrite sensitive files (e.g., .env) without confirmation, risking data loss. This change allows users to specify which files should never be overwritten, improving safety and flexibility.

Testing:

  • Manually tested with various ignore patterns and confirmed that write operations to matching files are blocked with an appropriate error.
  • Verified that normal write operations to non-matching files still succeed.

Documentation:

  • Updated README.md with usage instructions and security notes for the new --ignore-write option.

Checklist:

@SOURABHMISHRA5221
Copy link
Author

SOURABHMISHRA5221 commented May 25, 2025
edited
Loading

Hi @tadasant
Could you please review this PR when you have a chance? Thank you!

@SOURABHMISHRA5221 SOURABHMISHRA5221 deleted the feat/filesystem-ignore-write branch May 31, 2025 11:40
@SOURABHMISHRA5221 SOURABHMISHRA5221 restored the feat/filesystem-ignore-write branch July 7, 2025 16:06
@SOURABHMISHRA5221
Copy link
Author

SOURABHMISHRA5221 commented Jul 11, 2025

Hi! @olaservo please review.

@SOURABHMISHRA5221
Copy link
Author

SOURABHMISHRA5221 commented Jul 18, 2025

Hi @olaservo... Do you think we need to change something in this?

@olaservo
Copy link
Member

olaservo commented Jul 20, 2025

Hi @olaservo... Do you think we need to change something in this?

Hi @SOURABHMISHRA5221 ! Thanks for the ping and sorry for the wait. I've started reviewing this and other filesystem PRs that relate to file exclusion patterns and restrictions, since there are a few out there, and we've also been doing some security hardening on this server. I expect to leave feedback on these soon, but if you don't hear back next week feel free to @ me again. We had a huge backlog of Readme updates that were adding some noise to mentions but I will keep an eye out. Thanks!

@olaservo olaservo added server-filesystem Reference implementation for the Filesystem MCP server - src/filesystem enhancement New feature or request bug Something isn't working and removed enhancement New feature or request labels Jul 20, 2025
@SOURABHMISHRA5221
Copy link
Author

SOURABHMISHRA5221 commented Jul 28, 2025

Hi @olaservo!... Hope you're doing well. Just wanted to follow up on the PR review when you get a chance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working server-filesystem Reference implementation for the Filesystem MCP server - src/filesystem

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SOURABHMISHRA5221 @olaservo