Desktop app in development → Join the waitlist

Local processing only

MCP Server: Local File Transforms for AI Agents

51 tools to convert, compress, merge, and transform files. Predictable outputs, path-based I/O, zero network calls.

Privacy by architecture

No file bytes are sent to the model. Tools operate on paths and write outputs to disk. Some tools return extracted metadata (EXIF tags, checksums, word counts) by design. No telemetry, no network calls during processing.

Beyond read/write

Filesystem MCP VaultTools MCP

Read & write files ✓ ✓

Format conversion (PNG → WebP, CSV → JSON…) — ✓

Compression & optimization — ✓

Merge / split / organize — ✓

Metadata & checksums — ✓

Directory sandboxing — ✓

Path-based I/O (file bytes never in context) — ✓

Filesystem MCP reads and writes. VaultTools transforms, and keeps file bytes out of the AI conversation.

Install

Interactive setup that picks your AI tool and directory:

npx @vaulttools/mcp init

Copy

Or run directly:

npx @vaulttools/mcp --allowed-dir /path/to/your/files

Copy

Configure

Add VaultTools to your AI tool's MCP configuration:

Claude Code Claude Desktop Cursor Windsurf

~/.claude.json

{
  "mcpServers": {
    "vaulttools": {
      "command": "npx",
      "args": [
        "-y",
        "@vaulttools/mcp",
        "--allowed-dir",
        "/path/to/your/files"
      ]
    }
  }
}

Copy

Available Tools

51 tools across 5 categories: Image (14), PDF (11), Text (12), Dev (9), File (5). Each tool reads input files, processes locally, and writes output. File bytes stay on disk and are never sent to the model.

View full tool reference

Options

Flag Description Default

--allowed-dir <path> Directory the server can read from (required, repeatable) none

--output-dir <path> Directory for output files, defaults to allowed-dir allowed-dir

--verbose Enable verbose logging to stderr off

Privacy

No network calls. No uploads. No telemetry. Processing is 100% local.

Local processing. All file operations run on your machine. No files are uploaded anywhere.

Path-based I/O. The AI agent sends file paths, not file bytes. Processed results are written to disk, not returned in conversation.

Directory sandboxing. --allowed-dir restricts which directories the server can access. Nothing outside that boundary is readable.

No telemetry. Zero analytics, no network requests during processing, no phone-home behavior.

Disclaimer

The VaultTools MCP server is designed so that file bytes stay on your machine and are never sent to the model. Only file paths and metadata are exchanged.

However, the AI model that calls these tools operates independently of VaultTools. The model may choose to read, log, or transmit tool outputs according to its own behavior and the policies of its provider. VaultTools has no control over what the model does with the results once they are returned.

By using the MCP server, you acknowledge that VaultTools is not responsible for how the connected AI model handles tool responses. If you are processing sensitive files, review the privacy policies of your AI provider.