workspacemcp gives AI agents secure, auditable file access. Path sandboxing, DLP secret redaction, immutable audit logs, approval gates, and auto-checkpoints. 20 MCP tools.
import asyncio

from workspacemcp import WorkspaceFactory
from workspacemcp.mcp_server import WorkspaceMCPServer


async def main():
    ws = WorkspaceFactory.default(root_path="./project")

    # Read files: secrets are redacted by DLP before the agent sees the content
    entry = await ws.read_file("src/config.py")
    # API keys -> [REDACTED:generic_api_key]

    # Edit with a search-and-replace patch; refused if old_text is ambiguous
    await ws.edit_file(
        "src/main.py",
        old_text='print("hello")',
        new_text='print("hello, world")',
    )

    # Every action is audited
    log = await ws.audit_log(limit=10)
    return ws


ws = asyncio.run(main())

# Expose the same sandboxed workspace to an MCP client
WorkspaceMCPServer(ws).run()
"The Agent is a Guest, not the Master." Least privilege, sandboxed paths, read-only by default.
All file operations confined to workspace root. Symlink traversal, .. escapes, and absolute path breakouts blocked.
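The containment check behind that sentence is easy to get subtly wrong, so here is an added example of how such a check is built; it is illustration code, not workspacemcp's own implementation, and the names resolve_in_sandbox, PathEscapeError and the throwaway workspace it builds are assumptions for this example. The key point it shows is that the prefix comparison must run on the fully resolved path, because a lexical check on the string the agent supplied misses the symlink case.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when a requested path would resolve outside the workspace root."""


def resolve_in_sandbox(root: str | os.PathLike[str], requested: str) -> Path:
    """Map an agent-supplied relative path onto the workspace root, or refuse.

    Rejected breakout classes:
      * absolute paths, which must not bypass the root
      * ".." segments that climb above the root
      * symlinks inside the root whose target lies outside it
    The containment test runs on os.path.realpath output, so ".." and
    symlinks are collapsed before the prefix comparison.
    """
    root_real = Path(os.path.realpath(root))
    req = Path(requested)
    if req.is_absolute():
        raise PathEscapeError(f"absolute paths are not permitted: {requested}")
    # Join first, then resolve: realpath follows symlinks in the existing
    # prefix and normalises ".." in any not-yet-existing tail.
    candidate = Path(os.path.realpath(root_real / req))
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise PathEscapeError(f"path escapes workspace root: {requested}") from None
    return candidate


def demo() -> dict[str, bool]:
    """Build a throwaway workspace (constructed for this example) and probe it.

    Returns probe name -> True if the path was accepted, False if refused.
    """
    results: dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "project"
        (root / "src").mkdir(parents=True)
        (root / "src" / "config.py").write_text("API_KEY = 'placeholder'\n")
        outside = Path(tmp) / "outside.txt"
        outside.write_text("not part of the workspace\n")
        # A symlink *inside* the root that points *outside* it.
        (root / "escape").symlink_to(outside)

        probes = {
            "normal file": "src/config.py",
            "new file in subdir": "src/new_module.py",
            "dotdot escape": "../outside.txt",
            "nested dotdot escape": "src/../../outside.txt",
            "absolute path": str(outside),
            "symlink to outside": "escape",
        }
        for name, path in probes.items():
            try:
                resolve_in_sandbox(root, path)
                results[name] = True
            except PathEscapeError:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {name}")
```

Two of the probes are accepted (an existing file and a not-yet-created file under the root); the other four are refused. Note that the symlink case is only caught because the check resolves the path first; comparing the raw string "escape" against the root would have passed it.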
15 built-in patterns, including AWS keys, GitHub PATs, JWTs, Stripe keys, passwords, private keys, emails and phone numbers.
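As an added illustration of how a DLP redaction pass of this kind works (example code, not workspacemcp's own patterns or implementation), the block below applies a small rule set to a constructed config file and emits tokens in the [REDACTED:name] form the page shows. The regexes, the rule names and the sample credentials are all assumptions for this example; the sample values are placeholders, not real secrets. Two design points it demonstrates: specific formats run before key=value heuristics so nothing is double-counted, and for key=value rules only the value is replaced so the agent still sees the file's structure.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str           # label inside [REDACTED:<name>]
    pattern: re.Pattern
    group: int = 0      # 0 = redact the whole match; n = redact only group n


# Specific, high-confidence formats first; key=value heuristics last.
RULES = [
    Rule("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----")),
    Rule("jwt", re.compile(
        r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+(?![A-Za-z0-9_-])")),
    Rule("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    Rule("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    Rule("stripe_secret_key", re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{24,}\b")),
    # Key/value heuristics: keep the key name, redact only the value (group 1).
    Rule("password", re.compile(
        r"(?:password|passwd|pwd)\s*[:=]\s*[\"']?([^\"'\s]+)", re.IGNORECASE), group=1),
    Rule("generic_api_key", re.compile(
        r"(?:api[_-]?key|secret|token)\s*[:=]\s*[\"']?([A-Za-z0-9_\-]{16,})",
        re.IGNORECASE), group=1),
    Rule("email", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    Rule("phone", re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")),
]


def redact(text: str) -> tuple[str, Counter]:
    """Return (redacted_text, per-rule hit counts)."""
    counts: Counter = Counter()
    for rule in RULES:
        def _sub(m: re.Match, rule: Rule = rule) -> str:
            counts[rule.name] += 1
            g = rule.group
            # Keep whatever part of the match lies outside the redacted group.
            return (m.string[m.start():m.start(g)]
                    + f"[REDACTED:{rule.name}]"
                    + m.string[m.end(g):m.end()])
        text = rule.pattern.sub(_sub, text)
    return text, counts


# Constructed sample file contents for this example; none are real credentials.
SAMPLE_CONFIG = '''\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"
STRIPE_SECRET_KEY = "sk_test_4eC39HqLyjWDarjtT1zdp7dc"
SESSION_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZ2VudCJ9.c2lnbmF0dXJl"
DB_PASSWORD = "hunter2-correct-horse"
SLACK_TOKEN = "xoxb-not-a-real-token-value-1234"
ADMIN_EMAIL = "ops@example.com"
ONCALL_PHONE = "+1 415-555-0100"
SIGNING_KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
-----END RSA PRIVATE KEY-----"""
'''


if __name__ == "__main__":
    out, hits = redact(SAMPLE_CONFIG)
    print(out)
    print(dict(hits))
```

Each of the nine rules fires exactly once on the sample. Because GITHUB_TOKEN is already rewritten to [REDACTED:github_pat] by the time the generic_api_key heuristic runs, that rule matches only the SLACK_TOKEN line, which is the ordering effect the rule list comment describes.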
Every read, write, edit and delete is logged with timestamp, agent ID, namespace, action and success/failure. The log is append-only.
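The following is an added example of an append-only audit log carrying the fields named above; it is not workspacemcp's implementation. It goes one step beyond the page by hash-chaining entries, so that editing or deleting an earlier record is detectable after the fact (the page says "immutable" and "append-only" but does not state how that is enforced, so the chaining, the JSONL layout, the field names and the AuditLog class are assumptions for this example). The demo writes three constructed entries, queries them by action and path, then tampers with the file in two ways and shows that verify() localises each tamper.

```python
from __future__ import annotations

import hashlib
import json
import tempfile
import time
from pathlib import Path

GENESIS = "0" * 64


def _digest(body: dict) -> str:
    """Canonical SHA-256 over an entry's fields (everything except 'hash')."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


class AuditLog:
    """Append-only JSONL log where every entry commits to the previous one."""

    def __init__(self, path: str | Path):
        self.path = Path(path)
        self.path.touch()

    def entries(self) -> list[dict]:
        with self.path.open() as fh:
            return [json.loads(line) for line in fh if line.strip()]

    def append(self, agent_id: str, namespace: str, action: str, path: str,
               success: bool, ts: float | None = None) -> dict:
        prior = self.entries()
        entry = {
            "ts": time.time() if ts is None else ts,
            "agent_id": agent_id,
            "namespace": namespace,
            "action": action,
            "path": path,
            "success": success,
            "prev": prior[-1]["hash"] if prior else GENESIS,
        }
        entry["hash"] = _digest(entry)
        with self.path.open("a") as fh:  # append mode only; the file is never rewritten
            fh.write(json.dumps(entry, sort_keys=True) + "\n")
        return entry

    def query(self, **filters) -> list[dict]:
        """Filter by any field, e.g. query(action="edit") or query(path="src/main.py")."""
        return [e for e in self.entries()
                if all(e.get(k) == v for k, v in filters.items())]

    def verify(self) -> tuple[bool, int]:
        """Walk the chain; return (True, -1) or (False, index of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries()):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e.get("prev") != prev or _digest(body) != e.get("hash"):
                return False, i
            prev = e["hash"]
        return True, -1


def demo() -> dict:
    """Write three constructed entries, then tamper with the file two ways."""
    out: dict = {}
    with tempfile.TemporaryDirectory() as tmp:
        log = AuditLog(Path(tmp) / "audit.jsonl")
        log.append("agent-1", "default", "read", "src/config.py", True, ts=1.0)
        log.append("agent-1", "default", "edit", "src/main.py", True, ts=2.0)
        log.append("agent-2", "default", "delete", "src/main.py", False, ts=3.0)
        out["intact"] = log.verify()
        out["edits"] = len(log.query(action="edit"))
        out["main_py_events"] = len(log.query(path="src/main.py"))
        original = log.path.read_text().splitlines()

        # Tamper 1: rewrite the failed delete as a success, keeping its old hash.
        forged = json.loads(original[2])
        forged["success"] = True
        log.path.write_text(
            "\n".join(original[:2] + [json.dumps(forged, sort_keys=True)]) + "\n")
        out["after_edit_in_place"] = log.verify()

        # Tamper 2: drop the middle entry entirely.
        log.path.write_text("\n".join([original[0], original[2]]) + "\n")
        out["after_deletion"] = log.verify()
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The in-place edit is caught at index 2 because the stored hash no longer matches the entry body; the deletion is caught at index 1 because the surviving entry's prev field points at a hash that is no longer in the file. Chaining does not stop a writer with file access from truncating the log, so in practice the latest hash should also be shipped somewhere the agent cannot write.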
Critical files require human approval before writes. Configurable patterns.
Before every mutation, the current file state is snapshotted. Rollback to any checkpoint by ID.
Search-and-replace patches with ambiguity detection. If old_text matches multiple locations, the edit is refused.
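The two features described above, snapshotting before every mutation and refusing ambiguous patches, fit together naturally, so here is one added example covering both; it is illustration code, not workspacemcp's implementation, and the CheckpointedEditor class, the ckpt-NNNN ID scheme and the constructed main.py are assumptions for this example. The demo shows a patch being refused because old_text matches twice, the same file being edited once the caller adds a line of context, and the file being restored from the checkpoint ID that the edit returned. Because validation happens before the snapshot, refused edits leave no checkpoint behind.

```python
from __future__ import annotations

import shutil
import tempfile
from pathlib import Path


class NoMatchError(ValueError):
    """old_text does not occur in the file; nothing to patch."""


class AmbiguousEditError(ValueError):
    """old_text occurs more than once; the caller must add context."""


class CheckpointedEditor:
    """Search-and-replace patching with ambiguity detection and pre-write snapshots."""

    def __init__(self, root: str | Path, checkpoint_dir: str | Path):
        self.root = Path(root)
        self.ckpt_dir = Path(checkpoint_dir)
        self.ckpt_dir.mkdir(parents=True, exist_ok=True)
        # checkpoint id -> (relative path, snapshot file or None if it did not exist)
        self._index: dict[str, tuple[str, Path | None]] = {}

    def checkpoint(self, rel_path: str) -> str:
        """Snapshot rel_path's current state and return a checkpoint ID."""
        cid = f"ckpt-{len(self._index) + 1:04d}"
        src = self.root / rel_path
        snap: Path | None = None
        if src.exists():
            snap = self.ckpt_dir / f"{cid}.snap"
            shutil.copy2(src, snap)
        self._index[cid] = (rel_path, snap)
        return cid

    def rollback(self, cid: str) -> None:
        """Restore the file to the state recorded under cid (delete it if it was new)."""
        rel_path, snap = self._index[cid]
        target = self.root / rel_path
        if snap is None:
            target.unlink(missing_ok=True)
        else:
            shutil.copy2(snap, target)

    def list_checkpoints(self) -> list[str]:
        return list(self._index)

    def edit_file(self, rel_path: str, old_text: str, new_text: str) -> str:
        """Replace exactly one occurrence of old_text; returns the checkpoint ID."""
        target = self.root / rel_path
        content = target.read_text()
        hits = content.count(old_text)
        if hits == 0:
            raise NoMatchError(f"{rel_path}: old_text not found")
        if hits > 1:
            raise AmbiguousEditError(
                f"{rel_path}: old_text matches {hits} locations; include surrounding lines")
        # Validation passed, so a mutation is about to happen: snapshot first.
        cid = self.checkpoint(rel_path)
        target.write_text(content.replace(old_text, new_text, 1))
        return cid


def demo() -> dict:
    """Exercise refusal, a disambiguated edit, and rollback on a constructed file."""
    out: dict = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "project"
        (root / "src").mkdir(parents=True)
        main_py = root / "src" / "main.py"
        main_py.write_text('print("hello")\nprint("hello")\nprint("bye")\n')
        ed = CheckpointedEditor(root, Path(tmp) / ".checkpoints")

        try:  # two identical lines: the patch from the page's snippet is ambiguous here
            ed.edit_file("src/main.py", 'print("hello")', 'print("hello, world")')
            out["ambiguous_refused"] = False
        except AmbiguousEditError:
            out["ambiguous_refused"] = True
        out["unchanged_after_refusal"] = "hello, world" not in main_py.read_text()

        # Anchoring on the following line makes the match unique.
        cid = ed.edit_file("src/main.py",
                           'print("hello")\nprint("bye")',
                           'print("hello, world")\nprint("bye")')
        out["after_edit"] = main_py.read_text()
        ed.rollback(cid)
        out["after_rollback"] = main_py.read_text()

        try:
            ed.edit_file("src/main.py", "nonexistent", "x")
            out["nomatch_refused"] = False
        except NoMatchError:
            out["nomatch_refused"] = True
        out["checkpoints_taken"] = len(ed.list_checkpoints())
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Only one checkpoint exists at the end, taken for the edit that actually went through. Refusing on zero matches matters as much as refusing on several: a silently ignored no-op patch would let the agent believe a change landed when it did not.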
Project structure with descriptions and token estimates per file. Respects .gitignore.
Regex search across the entire workspace with context lines. Glob filtering, result limits.
Set workspace root, allowed write patterns, restricted paths, approval rules.
Every path validated against the sandbox. Symlinks and traversal blocked.
File operations run through DLP, approval gates, auto-checkpoints.
Every operation immutably logged. Query by action, path, or namespace.