
What happened: Coding Tools MCP exposes a set of coding primitives to any MCP client, including repository inspection, file search and reading, structured code patching, test and command execution, interactive shell sessions, and git status and diff inspection. The tool does not include external agent accounts, memory, cloud tasks, web search, image generation, model routing, or plugin marketplaces.
Why it matters: This lets AI agents work directly with code on a developer's machine using a standard protocol, without requiring custom integrations for each LLM or agent. Developers can run it locally in different permission modes (read-only for safety, trusted for development, or dangerous for isolated environments) and optionally expose it remotely via HTTPS tunnels with bearer-token or OAuth authentication.
What to watch: The runtime enforces a safety boundary by binding to a single workspace root, rejecting path traversal and symlink escapes, and applying exec_command controls including timeouts, destructive-command checks, and sensitive-value filtering. On Linux with Landlock support it applies filesystem confinement; on other systems external sandboxing is required before running untrusted commands.
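The workspace-root boundary described under "What to watch", sketched as an added example; this is not code from Coding Tools MCP, and `resolve_in_workspace`, `WorkspaceEscape` and the temporary directory layout are hypothetical names and constructed sample data:

```python
import os
import tempfile


class WorkspaceEscape(Exception):
    """Raised when a requested path resolves outside the workspace root."""


def resolve_in_workspace(root: str, requested: str) -> str:
    """Return the real path of `requested` if it stays under `root` (hypothetical helper)."""
    root_real = os.path.realpath(root)
    # Absolute paths are refused outright: os.path.join would silently drop the root.
    if os.path.isabs(requested):
        raise WorkspaceEscape(f"absolute path not allowed: {requested}")
    # realpath collapses ".." segments and follows symlinks, so the comparison
    # below sees the location the file system would actually open.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # commonpath compares whole components, so a sibling such as "ws-secrets"
    # is not mistaken for being inside "ws" (a plain startswith check would be).
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise WorkspaceEscape(f"resolves outside workspace: {requested}")
    return candidate


def demo() -> dict:
    """Constructed sample: a workspace with one file and one symlink pointing outside it."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "ws")
        outside = os.path.join(base, "ws-secrets")  # sibling sharing the "ws" prefix
        os.makedirs(os.path.join(root, "src"))
        os.makedirs(outside)
        open(os.path.join(root, "src", "app.py"), "w").close()
        os.symlink(outside, os.path.join(root, "link"))  # symlink escape
        requests = ["src/app.py", "src/../src/app.py",
                    "../ws-secrets/key", "link/key", "/etc/passwd"]
        for req in requests:
            try:
                resolve_in_workspace(root, req)
                results[req] = "allowed"
            except WorkspaceEscape:
                results[req] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:9} {path}")
```

A check like this is separate from the later open, so it only holds if nothing can swap a symlink into the workspace between the two steps; that gap is one reason kernel-level confinement such as Landlock is applied underneath.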




