Labsco
s2005 logo

Windows CLI

β˜… 3

from s2005

Interact with Windows command-line interfaces like PowerShell, CMD, Git Bash, and WSL.

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeNeeds API keys

Windows CLI MCP Server (Enhanced)

NPM Downloads NPM Version

MCP server for secure command-line interactions on Windows systems, enabling controlled access to PowerShell, CMD, Git Bash, and Bash shells. It allows MCP clients (like Claude Desktop) to perform operations on your system, similar to Open Interpreter.

This enhanced version includes advanced configuration management, improved security features, and comprehensive testing capabilities.

[!IMPORTANT] This MCP server provides direct access to your system's command line interface. When enabled, it grants access to your files, environment variables, and command execution capabilities.

  • Review and restrict allowed paths
  • Enable directory restrictions
  • Configure command blocks
  • Consider security implications

See Configuration for more details.

Features

  • Multi-Shell Support: Execute commands in PowerShell, Command Prompt (CMD), Git Bash, Bash, and WSL
  • Modular Architecture: Build only the shells you need for smaller bundle sizes (30-65% reduction)
  • Inheritance-Based Configuration: Global defaults with shell-specific overrides
  • Shell-Specific Validation: Each shell can have its own security settings and path formats
  • Flexible Path Management: Different shells support different path formats (Windows/Unix/Mixed)
  • Resource Exposure: View configuration and security settings as MCP resources
  • Explicit Working Directory State: The server maintains an active working directory used when execute_command omits workingDir. If the launch directory isn't allowed, this state starts unset and must be set via set_current_directory.
  • Optional Initial Directory: Configure initialDir to start the server in a specific directory.
  • Security Controls:
    • Command blocking (full paths, case variations)
    • Working directory validation
    • Maximum command length limits
    • Smart argument validation
    • Shell-specific timeout settings
  • Configurable:
    • Inheritance-based configuration system
    • Shell-specific security overrides
    • Dynamic tool descriptions based on enabled shells

See the API section for more details on the tools and resources the server provides to MCP clients.

Note: The server will only allow operations within configured directories, with allowed commands.

VS Code Extension

A companion VS Code extension in vscode-extension/ simplifies configuring this server. It exposes every CLI option as ordinary VS Code settings (scoped per User and per Workspace) and registers the MCP server with VS Code automatically via the MCP Server Definition Provider API β€” no hand-edited mcp.json required. It can also generate a config.json or a .vscode/mcp.json on demand. See vscode-extension/README.md.

Modular Shell Architecture

WCLI0 now supports a modular architecture that allows you to build specialized versions containing only the shells you need. This results in significantly smaller bundle sizes and faster startup times.

Build Options

Choose from several pre-configured builds:

Copy & paste β€” that's it
# Full build (all shells) - default
npm run build

# Windows-only shells (PowerShell, CMD, Git Bash)
npm run build:windows

# Git Bash only (smallest Windows build)
npm run build:gitbash

# CMD only
npm run build:cmd

# Unix/Linux only (Bash)
npm run build:unix

# Custom combination
INCLUDED_SHELLS=gitbash,powershell npm run build:custom

Bundle Size Comparison

BuildSize ReductionShells Included
FullBaselineAll 5 shells
Windows~40% smallerPowerShell, CMD, Git Bash
Git Bash Only~60% smallerGit Bash
CMD Only~65% smallerCMD
Unix~60% smallerBash

Documentation

For detailed information about the modular architecture:

Quick Start with Specialized Builds

If you only need Git Bash:

Copy & paste β€” that's it
# Build
npm run build:gitbash

# Use in Claude Desktop config
{
  "mcpServers": {
    "windows-cli": {
      "command": "node",
      "args": ["/path/to/wcli0/dist/index.gitbash-only.js"]
    }
  }
}

macOS and Unix/Linux Support

While wcli0 is primarily designed for Windows, it also supports Unix-based systems (macOS, Linux) with Bash shell integration.

Building for Unix Systems

To build wcli0 for Unix-based systems (macOS, Linux):

Copy & paste β€” that's it
# Unix-only build (Bash shell)
npm run build:unix

# The output will be: dist/index.unix-only.js

Starting the Server on macOS

Start the server using npx:

Copy & paste β€” that's it
# Start with default settings
npx wcli0 --shell bash

# Start with a configuration file
npx wcli0 --config ./config.mac.json

# Start with specific allowed directories
npx wcli0 --shell bash \
  --allowedDir "/Users/$(whoami)" \
  --allowedDir "/tmp"

macOS Configuration Example

Here's a sample configuration for macOS:

Copy & paste β€” that's it
{
  "global": {
    "security": {
      "commandTimeout": 30,
      "enableInjectionProtection": true,
      "restrictWorkingDirectory": true
    },
    "restrictions": {
      "blockedCommands": ["rm -rf /", "dd", "mkfs"],
      "blockedArguments": ["--force", "-rf"],
      "blockedOperators": ["&&", "||", ";", "|"]
    },
    "paths": {
      "allowedPaths": ["/Users/$(whoami)", "/tmp"],
      "initialDir": "/Users/$(whoami)"
    }
  },
  "shells": {
    "bash_auto": {
      "type": "bash_auto",
      "enabled": true
    }
  }
}

Using with Claude Desktop on macOS

Configure Claude Desktop to use wcli0 on macOS:

Copy & paste β€” that's it
{
  "mcpServers": {
    "macos-cli": {
      "command": "npx",
      "args": [
        "-y",
        "wcli0",
        "--config",
        "/path/to/config.mac.json"
      ]
    }
  }
}

Important Notes for Unix Systems

  • Path Formats: Unix systems use forward slashes (/) and do not support Windows drive letters
  • Shell Type: Use bash or bash_auto shell types on Unix systems
  • Home Directory: Use $(whoami) or your actual username in paths
  • Security Commands: Some blocked commands in the default configuration are Windows-specific (e.g., regedit, format)

CLI Options for macOS

When running on Unix systems, use these CLI options:

OptionTypeDescription
--shellstringShell to use (use bash or bash_auto on Unix)
--allowedDirstringAdd an allowed directory (can be used multiple times)
--configstringPath to configuration file
--initialDirstringInitial working directory
--allowAllDirsflagDisable directory restrictions
--unsafeflagDisable all safety checks (not recommended)
--yoloflagDisable safety except directory restrictions

Log Management

wcli0 automatically stores command execution logs and provides MCP resources for querying historical output with advanced filtering capabilities.

Output Truncation

By default, command responses show only the last 20 lines to prevent overwhelming long outputs. Full output is always stored and accessible via:

  • File-based storage: When logDirectory is configured, logs are saved to files for persistent storage
  • In-memory storage: Default behavior using MCP log resources (e.g., cli://logs/commands/{id})
  • The get_command_output tool (fallback for hosts that cannot read resources)

Configure truncation settings:

Copy & paste β€” that's it
{
  "global": {
    "logging": {
      "maxOutputLines": 20,
      "enableTruncation": true
    }
  }
}

File-Based Log Storage

For persistent logging, configure a log directory:

Copy & paste β€” that's it
{
  "global": {
    "logging": {
      "logDirectory": "./logs",
      "exposeFullPath": false
    }
  }
}

Or via CLI:

Copy & paste β€” that's it
npx wcli0 --shell gitbash --logDirectory ./logs

When file-based logging is enabled:

  • Truncation messages show the file path directly (simpler output)
  • Logs persist across server restarts
  • No in-memory storage limits apply
  • Starting the server with --debug automatically enables file-based logging to your OS temp directory (<temp>/wcli0-debug-logs) when no logDirectory is set, so every command and its output are persisted during debugging sessions.

Security Note: Log files may contain sensitive command output. Ensure the log directory has appropriate permissions.

Log Resources

Access stored command output via MCP resources (in-memory mode):

  • cli://logs/list - List all stored command execution logs
  • cli://logs/recent?n=10 - Get the N most recent logs
  • cli://logs/commands/{id} - Access full output from a specific command
  • cli://logs/commands/{id}/range?start=1&end=100 - Query specific line ranges
  • cli://logs/commands/{id}/search?q=error&context=3 - Search logs with context

See API Documentation for detailed resource specifications and query parameters.

Example Configuration

Copy & paste β€” that's it
{
  "global": {
    "logging": {
      "maxOutputLines": 20,
      "enableTruncation": true,
      "maxStoredLogs": 50,
      "maxLogSize": 1048576,
      "enableLogResources": true,
      "logRetentionMinutes": 1440,
      "logDirectory": "./logs"
    }
  }
}

API

Tools

  • execute_command

    • Execute a command in the specified shell
    • Inputs:
      • shell (string): Shell to use ("powershell", "cmd", "gitbash", "bash", or "wsl")
      • command (string): Command to execute
      • workingDir (optional string): Working directory
      • maxOutputLines (optional number): Maximum output lines to return (1-10,000). Overrides global setting.
      • timeout (optional number): Command timeout in seconds (1-3,600). Overrides global setting.
      • profile (optional string): Named environment profile to apply for this command. Must name a configured profile (see Environment Profiles). Only present in the schema when profiles are configured; omit to run with the server's default environment.
    • Returns command output as text, or error message if execution fails
    • If workingDir is omitted, the command runs in the server's active working directory. If this has not been set, the tool returns an error.
  • get_current_directory

    • Get the server's active working directory
    • If the directory is not set, returns a message explaining how to set it
  • set_current_directory

    • Set the server's active working directory
    • Inputs:
      • path (string): Path to set as current working directory
    • Returns confirmation message with the new directory path, or error message if the change fails
  • get_config

    • Get the windows CLI server configuration
    • Returns the server configuration as a JSON string (excluding sensitive data)
  • validate_directories

    • Check if specified directories are within allowed paths
    • Only available when restrictWorkingDirectory is enabled in configuration
    • Inputs:
      • directories (array of strings): List of directory paths to validate
    • Returns success message if all directories are valid, or error message detailing which directories are outside allowed paths

Resources

  • cli://config

    • Returns the main CLI server configuration (excluding sensitive data like blocked command details if security requires it).
  • cli://logs/list

    • List all stored command execution logs with metadata
  • cli://logs/recent?n={count}

    • Get the N most recent command logs (default: 5)
  • cli://logs/commands/{id}

    • Access full output from a specific command execution
  • cli://logs/commands/{id}/range?start={n}&end={m}

    • Query specific line ranges from a log (supports negative indices)
  • cli://logs/commands/{id}/search?q={pattern}&context={n}&occurrence={n}

    • Search logs with regex patterns and context lines

Security Considerations

This server allows external tools to execute commands on your system. Exercise extreme caution when configuring and using it.

Built-in Security Features

  • Path Restrictions: Commands can only be executed in specified directories (allowedPaths) if restrictWorkingDirectory is true.
  • Command Blocking: Defined commands and arguments are blocked to prevent potentially dangerous operations (blockedCommands, blockedArguments).
  • Injection Protection: Common shell injection characters (;, &, |, `) are blocked in command strings if enableInjectionProtection is true.
  • Timeout: Commands are terminated if they exceed the configured timeout (commandTimeout).
  • Input validation: All user inputs are validated before execution
  • Shell process management: Processes are properly terminated after execution or timeout

Configurable Security Features (Active by Default)

  • Working Directory Restriction (restrictWorkingDirectory): HIGHLY RECOMMENDED. Limits command execution to safe directories.
  • Injection Protection (enableInjectionProtection): Recommended to prevent bypassing security rules.

Best Practices

  • Minimal Allowed Paths: Only allow execution in necessary directories.
  • Restrictive Blocklists: Block any potentially harmful commands or arguments.
  • Regularly Review Logs: Check the command history for suspicious activity.
  • Keep Software Updated: Ensure Node.js, npm, and the server itself are up-to-date.

Using the MCP Inspector for Testing

Use the Inspector to interactively test this server with a custom config file. Pass any server flags after --:

Copy & paste β€” that's it
# Inspect with built server and test config
npx @modelcontextprotocol/inspector -- node dist/index.js --config tests/config.json

# Or test the published package
npx @modelcontextprotocol/inspector wcli0 -- --config tests/config.json

Development and Testing

This project requires Node.js 18 or later.

Running Tests

Copy & paste β€” that's it
# Install dependencies
npm install

# Run all tests
npm test

# Run specific test suites
npm run test:validation    # Path validation tests
npm run test:wsl          # WSL emulation tests
npm run test:integration  # Integration tests
npm run test:async        # Async operation tests

# Run tests with coverage
npm run test:coverage

# Debug open handles
npm run test:debug

Cross-Platform Testing

The project uses a Node.js-based WSL emulator (scripts/wsl-emulator.js) to enable testing of WSL functionality on all platforms. This allows the test suite to run successfully on both Windows and Linux environments.

Acknowledgments

This project is based on the excellent work by SimonB97 in the win-cli-mcp-server repository. Due to significant configuration differences and architectural changes that made merging back to the source repository challenging, this has been maintained as a separate fork with enhanced features and extensive modifications.

Key enhancements in this version:

  • Enhanced inheritance-based configuration system
  • Improved WSL support with cross-platform testing
  • Advanced security features and path validation
  • Comprehensive test coverage with Node.js-based WSL emulation
  • Extended documentation and configuration examples

We gratefully acknowledge SimonB97's foundational work that made this project possible.

Development Environment using Dev Containers

This project includes a Dev Container configuration, which allows you to use a Docker container as a fully-featured development environment. This ensures consistency and makes it easy to get started with development and testing.

Prerequisites

Getting Started

  1. Clone this repository to your local machine.
  2. Open the repository in Visual Studio Code.
  3. When prompted "Reopen in Container", click the button. (If you don't see a prompt, you can open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P) and select "Dev Containers: Reopen in Container".)
  4. VS Code will build the dev container image (as defined in .devcontainer/devcontainer.json and Dockerfile) and start the container. This might take a few minutes the first time.
  5. Once the container is built and started, your VS Code will be connected to this environment. The postCreateCommand (npm install) will ensure all dependencies are installed.

Running Tests in the Dev Container

After opening the project in the dev container:

  1. Open a new terminal in VS Code (it will be a terminal inside the container).

  2. Run the tests using the command:

    Copy & paste β€” that's it
    npm test

This setup mirrors the environment used in GitHub Actions for tests, ensuring consistency between local development and CI.

License

This project is licensed under the MIT License. See the LICENSE file for details.