Filesystem MCP in Claude Code

Quick answer: Install the Filesystem MCP server with npx -y @modelcontextprotocol/server-filesystem /Users/you/Projects/claude-sandbox, add the JSON block below to ~/.claude/settings.json, restart Claude Code, and run /mcp to confirm the connection. Setup runs about 5 minutes on a fresh machine, verified on @modelcontextprotocol/server-filesystem as of April 15, 2026.

The Filesystem MCP server gives Claude Code direct read and write access to one or more directories you nominate at launch. Once connected you can ask Claude to list a folder, read a file, diff two paths, or write new files without pasting content back into the editor. The server ships from the official @modelcontextprotocol/server-filesystem package and scopes every tool call to the allowed paths passed as arguments, so the blast radius stays bounded even when a prompt goes sideways.

This guide covers what you get after the wiring is done, the exact config, verification steps, prompt patterns that tend to work well, and the 4 issues that trip people up most often in the first week.

What you get when it is connected

Once the Filesystem server is attached, Claude Code can call the server tools from inside any conversation. You do not invoke the tools by hand. When you ask Claude a question the model decides which tool to call and parses the response for you. For teams that live inside Filesystem day to day, this replaces dozens of context switches per week with a single line in chat.

The server exposes a small set of tools: read_file, write_file, edit_file, list_directory, search_files, move_file, create_directory, get_file_info. Large files come back truncated at a default 1 MB cap, so ask for ranges on logs or data dumps. Binary files are returned as base64 blobs; text files decode as UTF-8 with a fallback to latin-1.

Prerequisites

Node 20 or later on the host. No account, API key, or cloud resource is needed. You pick one or more absolute paths to expose; anything outside those paths stays unreachable to the tool surface.

If you use a version manager like nvm or asdf for Node, confirm the version Claude Code inherits. Open a terminal, run node -v, and note the output. Claude Code uses the Node it sees on PATH at launch, so a shell profile that sets the right version is the reliable path.

Install via npx

Run the package once with npx to verify it starts cleanly:

npx -y @modelcontextprotocol/server-filesystem /Users/you/Projects/claude-sandbox

The first run downloads the package (a few MB) and starts the server on stdio. The server does not print much on success - it waits for MCP protocol messages on stdin. Press Ctrl-C to stop it. The actual runtime setup happens through Claude Code itself in the next step.

If the install fails with a network error, your npm registry may be blocked. Set npm config set registry https://registry.npmjs.org and retry. Behind a corporate proxy, also set HTTP_PROXY and HTTPS_PROXY in your shell.

Add the config block to ~/.claude/settings.json

Open ~/.claude/settings.json in your editor. If the file does not exist yet, create it with {} as the starting content. Add an mcpServers object with an entry for this server:

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "/Users/you/Projects/claude-sandbox"
      ]
    }
  }
}

Save the file. If you already have other MCP servers defined, merge the new entry into the existing mcpServers object rather than replacing it.

Restart Claude Code fully (quit and reopen, not just close the window). The server is spawned lazily on the first tool call in a session, not at launch, but the config is read once per Claude Code start.

Verify the connection

Open a new Claude Code session and type /mcp at the prompt. You should see the server listed with a green or connected indicator. If it shows as failed, click into it for the stderr output - the error message usually points at the problem directly (bad token, wrong path, missing Node).

Run a trivial first prompt to confirm round trips work. Good smoke tests:

• For read servers: ask for a list of whatever resource type it exposes.
• For write servers: ask for a describe on a known resource first, then try a safe write on a test resource.

If the first prompt works, the wiring is done. From here on you interact with the server purely through normal prompts in Claude Code.

Example prompts that work well

Here are prompts that tend to get good responses once the server is attached:

• List every file under src that was changed in the last 48 hours and summarize the diff in plain English.
• Read package.json and tell me which direct dependencies are more than 12 months behind their latest release.
• Scan the docs folder and write a table of contents as a new file at docs/index.md.
• Find every TODO comment in the repo, group by file, and write the results to tmp/todos.txt.
• Open tests/api.test.ts, rewrite the describe block to cover the new /v2 route, and save the file.
• Compare config.prod.json and config.staging.json and list the keys that differ with their values side by side.

Claude will chain tool calls on its own when the prompt implies several steps. For a summarize-then-write flow the model will often call read tools first, then a single write tool at the end. If a prompt keeps burning tool calls, narrow it: specify the resource ID, the time range, or the exact field you want rather than asking Claude to scan everything.

Environment variable security

The filesystem server takes no environment variables. Its attack surface is entirely defined by the path arguments you pass on the command line. Pick paths that give Claude enough room to help without including anything you would not paste into a prompt. A common pattern is a single dedicated sandbox directory you checkout repos into, rather than pointing the server at your home directory.

A general rule across every MCP server: never paste secrets directly into settings.json that lives in a shared or git-tracked directory. Keep the actual secret values in your shell profile (~/.zshrc, ~/.bashrc, or a 1Password-cli helper), export them at shell start, and reference the variable names from the Claude config. That way the secret stays on your machine and the config file is safe to share with teammates.

On macOS, terminals launched from Spotlight or from the Dock both inherit the shell profile. If you launch Claude Code from a GUI shortcut that does not go through a shell, env vars may not propagate - launch from a terminal instead.

Troubleshooting

EACCES permission denied on a subfolder. The server runs as your user. A subdirectory owned by another user (or protected by macOS full-disk-access rules) blocks the call. Move the file out of the protected area or run Claude Code from a terminal that already has full-disk access granted.

Server starts but tool calls return path not allowed. The path argument has to be absolute and has to be a prefix of the file you are asking about. Expand ~ to the full home path in your config, since the JSON reader does not do shell expansion.

Files change on disk but Claude keeps seeing the old copy. Tool responses are not cached by the server, but Claude Code keeps a conversation-level view of files it has already read. Ask Claude to re-read the file explicitly, or use /clear to drop the stale context.

npx keeps re-downloading the package on every launch. The -y flag accepts the install prompt but npx still checks the registry. If startup feels slow, install the package globally with npm i -g @modelcontextprotocol/server-filesystem and point command at the installed binary path.

For any issue not listed here, the first step is /mcp inside Claude Code to see the current status and any recent stderr from the server. The second step is running the exact npx command from your terminal to see if the server starts cleanly outside Claude Code. Between those two checks, most problems become obvious within a minute.

Next steps

Once the Filesystem server is attached and verified, the useful next move is writing a short prompt template you keep in your notes. List the 3 or 4 prompts you run most often against this server, and paste them into Claude Code when needed. Over a few weeks you build a personal command library that gets real work done without typing much.

For team projects, commit a .mcp.json at the repo root with the same structure. Everyone on the team gets the server wired up automatically on first open, and individual secrets stay in shell profiles. That is the setup pattern that scales past a single developer.