MCP server that gives AI clients direct access to your local filesystem — save, find, and organize files using natural language
Project description
Vault — MCP File Server
An MCP (Model Context Protocol) server that gives any AI client — Claude Desktop, Claude Code, ChatGPT, etc. — direct access to your local filesystem. Save AI-generated content, copy files between folders, download from URLs, and organize your machine using natural language.
What makes it different
Most MCP file tools require you to know and type exact paths. Vault's find_folder tool lets you say "save this to my distributed systems folder" and Claude finds the right path itself — no copy-paste required.
Quickstart
1. Install
# Zero-install (recommended) — runs directly from PyPI
uvx ai-vault-mcp
# Or install permanently
pip install ai-vault-mcp
2. Add to your MCP client
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json on Mac):
{
"mcpServers": {
"vault": {
"command": "uvx",
"args": ["ai-vault-mcp"]
}
}
}
Claude Code:
claude mcp add vault -- uvx ai-vault-mcp
HTTP mode (for remote clients or Docker):
uvx ai-vault-mcp --transport http --host 0.0.0.0 --port 8000
3. First-run setup
The first time you ask Claude to do anything with files, it'll say:
"Where would you like to save your files? You can point me to an existing folder (e.g. ~/Documents) or I can create a fresh ~/Documents/Vault folder just for AI-generated files."
Answer in plain English. Claude calls configure under the hood, saves your choice to ~/.ai-vault-mcp/config.json, and never asks again.
Tool reference
| Tool | What it does |
|---|---|
configure |
First-run setup — sets allowed roots and default save location |
find_folder |
Find a folder by name without knowing the exact path |
save_content |
Save text, markdown, or code to a file |
save_binary |
Save base64-encoded binary content (images, zips) |
download_file |
Download any URL to a local folder |
copy_file |
Copy a file from anywhere on the machine into your vault |
move_file |
Move or rename a file |
list_files |
Browse a directory (with optional glob filter) |
create_directory |
Create a new folder |
read_file |
Read a text file's contents |
get_file_info |
File metadata: size, hash, MIME type, timestamps |
get_server_config |
Show current configuration |
Configuration
| Variable | Default | Description |
|---|---|---|
VAULT_LOG_LEVEL |
INFO |
Logging verbosity (DEBUG, INFO, WARNING, ERROR) |
VAULT_RATE_LIMIT_PER_MINUTE |
60 |
Max tool calls per tool per minute |
MCP_FILE_SERVER_MAX_SIZE_MB |
500 |
Max download size in MB |
MCP_FILE_SERVER_ALLOWED_ROOTS |
(from config file) | Override allowed roots (colon-separated paths) |
MCP_FILE_SERVER_BASE_DIR |
(from config file) | Override default save location |
PORT |
8000 |
Port for HTTP transport (read automatically in cloud environments) |
Env vars take priority over ~/.ai-vault-mcp/config.json.
Security model
- Sandboxed writes — all file operations are restricted to paths within your configured allowed roots
- Path traversal protection — every path is resolved and validated before use;
../escapes are blocked - Blocked extensions —
.exe,.bat,.ps1,.cmd,.msi,.js, and other dangerous types are always rejected - No silent overwrites —
save_contentandcopy_filerefuse to overwrite existing files - No delete tool — file deletion must be done manually; Claude cannot delete files
- Rate limiting — configurable per-tool call rate limit prevents runaway loops
- Unrestricted source reads —
copy_fileandmove_filecan read from anywhere on the machine; only the destination is sandboxed
Docker
docker build -t vault .
docker run -p 8000:8000 \
-e VAULT_RATE_LIMIT_PER_MINUTE=30 \
-v ~/.ai-vault-mcp:/home/vault/.ai-vault-mcp \
vault
Point your MCP client to http://localhost:8000/mcp. Health check: GET http://localhost:8000/health.
Development
# Clone and set up
git clone https://github.com/yashderasari/vault.git
cd vault
uv sync
# Run tests
uv run pytest tests/ -v
# Inspect logs (logs go to stderr)
uv run python server.py 2>vault.log
# MCP Inspector
uv run mcp dev server.py
Trust
This server can be submitted to the MCP Trust Framework for an independent security assessment once you're ready to ship publicly.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ai_vault_mcp-0.1.0.tar.gz.
File metadata
- Download URL: ai_vault_mcp-0.1.0.tar.gz
- Upload date:
- Size: 13.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.16 {"installer":{"name":"uv","version":"0.11.16","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cbfa6af5a882f2f5dec588bb1567b4d15652dbc79d7c02e0d7cea0f0637d9292
|
|
| MD5 |
9b2eeec477177a81d8f66b1dcbf2e355
|
|
| BLAKE2b-256 |
94b89dde79df350a0dc6cb8fae13febb6814ab501f44798d801762c9523f9e03
|
File details
Details for the file ai_vault_mcp-0.1.0-py3-none-any.whl.
File metadata
- Download URL: ai_vault_mcp-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.16 {"installer":{"name":"uv","version":"0.11.16","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b71db3083747f65b005573cf545829246310a407eb625a995a6a9ed5117b35d6
|
|
| MD5 |
f3b4aa741da9bfcbbf1632a638d173e2
|
|
| BLAKE2b-256 |
6a0f1df9d83fa1d642e461a4be2b375f2b79e0b515dc949af16d830f45bae5eb
|
