<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>AI Programming on KnightLi Blog</title>
        <link>https://knightli.com/en/tags/ai-programming/</link>
        <description>Recent content in AI Programming on KnightLi Blog</description>
        <generator>Hugo -- gohugo.io</generator>
        <language>en</language>
        <lastBuildDate>Sun, 12 Jul 2026 10:34:00 +0800</lastBuildDate><atom:link href="https://knightli.com/en/tags/ai-programming/index.xml" rel="self" type="application/rss+xml" /><item>
        <title>How to install DesktopCommanderMCP: Claude Code file search, terminal control and differential editing configuration</title>
        <link>https://knightli.com/en/2026/07/12/desktop-commander-mcp-claude-code-codex-install-config-guide/</link>
        <pubDate>Sun, 12 Jul 2026 10:34:00 +0800</pubDate>
        
        <guid>https://knightli.com/en/2026/07/12/desktop-commander-mcp-claude-code-codex-install-config-guide/</guid>
        <description>&lt;p&gt;DesktopCommanderMCP is a local MCP server that allows Claude Code, Codex and other compatible clients to search for files, read and edit text, execute terminal commands and view the output of long tasks. It is suitable for scenarios where &amp;ldquo;let AI complete retrieval, modification and verification in a designated workspace&amp;rdquo;, rather than handing over the entire computer to the model unconditionally.&lt;/p&gt;
&lt;p&gt;It appeared on GitHub Trending this week, indicating that developers are paying more attention; but it is more important to understand permissions before installation: the command will be run as the current user who started the server. Therefore, narrow down the working directory and authorization scope first, and then think about automation.&lt;/p&gt;
&lt;h2 id=&#34;what-desktopcommandermcp-can-do&#34;&gt;What DesktopCommanderMCP can do
&lt;/h2&gt;&lt;p&gt;According to the project description, in addition to the standard MCP file system capabilities, it supplements the following common capabilities:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Recursively search files and text content, which can be used for code base location;&lt;/li&gt;
&lt;li&gt;Small range text replacement and multi-file editing can be used for differential modification;&lt;/li&gt;
&lt;li&gt;Run terminal commands, stream read output, background execution and process management;&lt;/li&gt;
&lt;li&gt;Perform paged reading of large file output to reduce the amount of content stuffed into the context at once;&lt;/li&gt;
&lt;li&gt;Read and process common files such as CSV, JSON, Excel, PDF, DOCX, etc.;&lt;/li&gt;
&lt;li&gt;Tool calls audit logs, command block lists, and symbolic link protection for file operations.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;These capabilities do not mean that every client will display the tool in the same way, nor that all operations should be automatically approved. The more it can do, the more important it is to let the model first describe the command to be executed, the target path, and the expected changes.&lt;/p&gt;
&lt;h2 id=&#34;safety-check-before-installation&#34;&gt;Safety check before installation
&lt;/h2&gt;&lt;p&gt;Complete these items first before adding the MCP:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Install Node.js and verify that &lt;code&gt;npx&lt;/code&gt; is available in the terminal.&lt;/li&gt;
&lt;li&gt;Create a separate project directory for your AI work, do not initially expose it to your personal home directory, downloads directory, or configuration directory containing credentials.&lt;/li&gt;
&lt;li&gt;Confirm the client&amp;rsquo;s permissions policy: High-risk commands, deletions, network requests, and bulk modifications should require confirmation.&lt;/li&gt;
&lt;li&gt;Only test in trusted repositories or restorable working copies; commit important projects to Git or create backups first.&lt;/li&gt;
&lt;li&gt;For stronger isolation, prioritize Docker and only mount folders you clearly need.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Don&amp;rsquo;t put API keys, private keys, browser profiles, cryptographic libraries, or production configuration files in freely searchable directories. DesktopCommanderMCP&amp;rsquo;s commands are executed with your user rights. MCP is not a secure sandbox.&lt;/p&gt;
&lt;h2 id=&#34;claude-code-installation-command&#34;&gt;Claude Code installation command
&lt;/h2&gt;&lt;p&gt;Run in terminal:&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;claude mcp add --scope user desktop-commander -- npx -y @wonderwhy-er/desktop-commander@latest
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;p&gt;&lt;code&gt;--scope user&lt;/code&gt; means adding the server to the current user scope. If you only want the current project to use it, remove &lt;code&gt;--scope user&lt;/code&gt; and then execute it in the project directory. Restart Claude Code after installation, or confirm in the client&amp;rsquo;s MCP list that &lt;code&gt;desktop-commander&lt;/code&gt; is connected.&lt;/p&gt;
&lt;p&gt;The first time you use it you can give it a low risk task, for example:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Only search for TypeScript files containing &lt;code&gt;TODO&lt;/code&gt; in the current project, list the path and line number, do not modify the file, and do not run the command.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;Confirm that the file search results are as expected before allowing it to perform tests or differential edits.&lt;/p&gt;
&lt;h2 id=&#34;codex-installation-and-toml-configuration&#34;&gt;Codex installation and TOML configuration
&lt;/h2&gt;&lt;p&gt;For Codex, you can run directly:&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;codex mcp add desktop-commander -- npx -y @wonderwhy-er/desktop-commander@latest
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;p&gt;You can also write &lt;code&gt;~/.codex/config.toml&lt;/code&gt; manually:&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;3
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-toml&#34; data-lang=&#34;toml&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;p&#34;&gt;[&lt;/span&gt;&lt;span class=&#34;nx&#34;&gt;mcp_servers&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;.&lt;/span&gt;&lt;span class=&#34;nx&#34;&gt;desktop-commander&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nx&#34;&gt;command&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;=&lt;/span&gt; &lt;span class=&#34;s2&#34;&gt;&amp;#34;npx&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nx&#34;&gt;args&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;=&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;[&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;-y&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt; &lt;span class=&#34;s2&#34;&gt;&amp;#34;@wonderwhy-er/desktop-commander@latest&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;p&gt;After manual configuration, open a new Codex session and check if the MCP is loaded. If the project only needs temporary use, give priority to project-level or session-level configuration; do not permanently expose high-privilege file tools to all projects for the debugging task of a warehouse.&lt;/p&gt;
&lt;h2 id=&#34;how-to-use-file-search-and-differential-editing&#34;&gt;How to use file search and differential editing
&lt;/h2&gt;&lt;p&gt;The value of DesktopCommanderMCP is not to &amp;ldquo;let the model directly rewrite the entire warehouse&amp;rdquo;, but to narrow the scope first and then produce reviewable changes. A safe order is:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;First specify the project root directory that is allowed to be accessed.&lt;/li&gt;
&lt;li&gt;The model is asked to first search for keywords and list hit files.&lt;/li&gt;
&lt;li&gt;Let it read the minimum amount of relevant code and tests.&lt;/li&gt;
&lt;li&gt;Explicitly ask to make only one logical change and show the diff.&lt;/li&gt;
&lt;li&gt;Review the diff before allowing targeted tests to be written and run.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;For example:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Search the current warehouse for the call point of &lt;code&gt;createClient&lt;/code&gt;. List path, purpose, and test files first; do not write. Once confirmed, replace the base URL only in the file responsible for API initialization and show the differences. Do not modify the lock file or extraneous formats.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;This type of directive is more controllable than &amp;ldquo;fix API configuration&amp;rdquo;: path ranges, modification targets, prohibitions, and validation actions are all clear.&lt;/p&gt;
&lt;h2 id=&#34;how-to-control-long-commands-and-background-processes&#34;&gt;How to control long commands and background processes
&lt;/h2&gt;&lt;p&gt;The tool supports command output streaming, background execution, process lists, and stopping processes, making it suitable for building, developing servers, or testing longer tasks. But long-term processes should not be left unattended.&lt;/p&gt;
&lt;p&gt;Suggestions:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Start by running a read-only or short-lived command such as &lt;code&gt;git status&lt;/code&gt;, a single test file, or a dry run of the build;&lt;/li&gt;
&lt;li&gt;Set a reasonable timeout for the command, do not default to running indefinitely;&lt;/li&gt;
&lt;li&gt;Before starting a development server, migration, or batch script, require the model to specify the port, write path, and stop method;&lt;/li&gt;
&lt;li&gt;View the log in pages, do not fill the complete build log with the model;&lt;/li&gt;
&lt;li&gt;After completion, confirm that the background process has exited to avoid port occupation or leaving child processes behind.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;If the model proposes a command to delete, reset, overwrite, upload, deploy, or access production, it should stop at the confirmation point. Just because the tool can be executed does not mean that the operation has been authorized by the business.&lt;/p&gt;
&lt;h2 id=&#34;when-is-docker-isolation-suitable&#34;&gt;When is Docker isolation suitable?
&lt;/h2&gt;&lt;p&gt;If you don’t want to install Node.js locally, or if you want to limit the visible range of files, you can use the Docker method provided by the project. The basic configuration is as follows:&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;3
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;4
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;5
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;6
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;7
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;8
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-json&#34; data-lang=&#34;json&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;p&#34;&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;  &lt;span class=&#34;nt&#34;&gt;&amp;#34;mcpServers&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;    &lt;span class=&#34;nt&#34;&gt;&amp;#34;desktop-commander-in-docker&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;      &lt;span class=&#34;nt&#34;&gt;&amp;#34;command&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;s2&#34;&gt;&amp;#34;docker&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;      &lt;span class=&#34;nt&#34;&gt;&amp;#34;args&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;[&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;run&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt; &lt;span class=&#34;s2&#34;&gt;&amp;#34;-i&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt; &lt;span class=&#34;s2&#34;&gt;&amp;#34;--rm&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt; &lt;span class=&#34;s2&#34;&gt;&amp;#34;mcp/desktop-commander:latest&amp;#34;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;    &lt;span class=&#34;p&#34;&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;  &lt;span class=&#34;p&#34;&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;p&#34;&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;p&gt;This basic configuration does not mount the local directory, so the host files cannot be edited directly. When you need to operate a project, only mount a clear directory, such as a workspace, and map it to a fixed path in the container; do not mount the entire user directory, root directory, or credential directory. Docker can reduce the scope of misoperation, but the mounted directory will still be modified by commands within the container.&lt;/p&gt;
&lt;h2 id=&#34;troubleshooting-common-problems&#34;&gt;Troubleshooting common problems
&lt;/h2&gt;&lt;h3 id=&#34;client-does-not-see-mcp-tool&#34;&gt;Client does not see MCP tool
&lt;/h3&gt;&lt;p&gt;Check whether Node.js and &lt;code&gt;npx&lt;/code&gt; can run, confirm that the configuration file is written in the location where the corresponding client actually reads it, and then restart the client or open a new session. Also check that the MCP configuration is valid JSON/TOML and that there are no conflicting server entries with the same name.&lt;/p&gt;
&lt;h3 id=&#34;npx-starts-slowly-or-fails-every-time-after-installation&#34;&gt;&lt;code&gt;npx&lt;/code&gt; starts slowly or fails every time after installation.
&lt;/h3&gt;&lt;p&gt;First run it separately in the terminal:&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;npx -y @wonderwhy-er/desktop-commander@latest
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;p&gt;Observe whether Node.js, the network, npm cache, or the enterprise proxy are causing the problem. Don&amp;rsquo;t attribute &amp;ldquo;client not connecting&amp;rdquo; directly to the MCP configuration; first make sure the command itself starts, then go back to the client log to check the stdio connection.&lt;/p&gt;
&lt;h3 id=&#34;the-model-searched-for-files-that-should-not-be-seen&#34;&gt;The model searched for files that should not be seen.
&lt;/h3&gt;&lt;p&gt;Stop the MCP session immediately and check the client workspace, startup directory, and Docker mount directory. Then narrow the accessible paths, move sensitive files out, and retest the read-only search. Don&amp;rsquo;t rely on &amp;ldquo;don&amp;rsquo;t look&amp;rdquo; in prompt words as a substitute for path and permission isolation.&lt;/p&gt;
&lt;h3 id=&#34;difference-editing-changes-too-much&#34;&gt;Difference editing changes too much
&lt;/h3&gt;&lt;p&gt;First restore to the known state of Git or use the editor&amp;rsquo;s diff to undo, and then split the task into small pieces: only one file, one function, or one type of replacement is allowed at a time, and the modification plan and diff are required to be output first. For batch replacements, do a test run on a copy or a small number of files first.&lt;/p&gt;
&lt;h2 id=&#34;relevance-to-the-generic-mcp-troubleshooting-article&#34;&gt;Relevance to the Generic MCP Troubleshooting Article
&lt;/h2&gt;&lt;p&gt;If the problem is that the server connection fails, the configuration is not loaded, the tool call error is reported, or the client does not find MCP, first refer to [How to troubleshoot MCP tool call failure] (/en/2026/07/08/mcp-tool-call-failure-troubleshooting-faq/). This article further deals with the specific installation, file permissions, terminal operation and differential editing strategies of DesktopCommanderMCP; the two articles can be used in combination to separate &amp;ldquo;unable to connect&amp;rdquo; and &amp;ldquo;how to use it safely after connecting&amp;rdquo;.&lt;/p&gt;
&lt;h2 id=&#34;summary&#34;&gt;Summary
&lt;/h2&gt;&lt;p&gt;DesktopCommanderMCP is suitable for putting file search, differential editing and terminal verification into the same workflow in Claude Code or Codex. The correct way to use it is to install in a restricted project directory first, perform a read-only search first, then review the diff, and finally allow writing and testing; long-term commands, sensitive directories and Docker mounts must have clear boundaries. This can not only maximize the efficiency of MCP, but also avoid the risk of turning local permissions into unreviewable automation.&lt;/p&gt;
&lt;p&gt;Official warehouse: &lt;a class=&#34;link&#34; href=&#34;https://github.com/wonderwhy-er/DesktopCommanderMCP&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;https://github.com/wonderwhy-er/DesktopCommanderMCP&lt;/a&gt;&lt;/p&gt;
</description>
        </item>
        
    </channel>
</rss>
