Linux MCP Server

Full System Control for AI Clients

2 ⭐ Stars
4 🐛 Issues
2 👁️ Watchers
Apache 2.0 📜 License

Powerful Features

⚙️

8 MCP Tools

Comprehensive toolset including bash_execute, read_file, write_file, edit_file, glob, grep, prepare_upload, and prepare_download for full system control.

📦

Binary File Transfer

Stream large files via direct HTTP endpoints without context window limitations. Perfect for handling files larger than 10MB.

🔐

Per-Token Permissions

Granular control with read-only (ro) and read-write (rw) roles. Limit access based on client requirements.

📊

Audit Logging

Comprehensive JSON Lines audit trail with error details for all tool invocations. Track every action with timestamps and IP addresses.

🛡️

Protected Paths

Automatically protect MCP's own installation directory and audit logs. Prevent unauthorized access to sensitive system files.

👥

Multi-User Auth

Bearer token authentication with per-token management. Admin API for remote token management without server restarts.

Quick Start

pipx install algony-mymcp

Python 3.11+ required on Linux. For production use:

sudo mymcp install-service --yes
sudo systemctl start mymcp

Requirements: Python 3.11+, optional ripgrep for faster grep operations.

CLI Reference

mymcp serve

Run the MCP server in foreground mode with temporary tokens

mymcp install-service

Install as systemd service with production configuration

mymcp token

Manage authentication tokens (list, add, revoke, rotate)

mymcp doctor

Print environment and dependency diagnostics

mymcp version

Display installed version information

mymcp migrate-from-legacy

Migrate from 1.x to 2.x installation format

MCP Tools

Tool Permission Description
bash_execute rw Execute shell commands in new subprocess
read_file ro Read files with line numbers and pagination
write_file rw Create or overwrite files (up to 10MB)
edit_file rw Replace text in existing files precisely
glob ro Find files by glob pattern (max 1000 results)
grep ro Search file contents with regex (ripgrep support)
prepare_upload rw Mint signed URLs for large file uploads
prepare_download ro Mint signed URLs for large file downloads

Security & Observability

🔒 Permission Model

Default to read-only tokens. Grant read-write only to trusted AI clients.

📋 Audit Logging

Track all tool invocations with JSON Lines format including timestamps, IPs, and error details.

🛡️ Path Protection

Automatic protection of system directories and audit logs from unauthorized access.

📊 Metrics

Prometheus metrics endpoint with optional OTLP push for observability backends.

Ready to Supercharge Your AI?

Give your AI clients full, controlled access to Linux systems

View on GitHub