MCP Server · Live on npm

Give Claude
hands inside
Replit.

ReplBridge is the MCP bridge that connects Claude Desktop to your live Replit workspace. Read files. Write code. Run commands. Check git. All safely — with snapshots, allowlists, and a path jail.

⚡ Join the waitlist ⌥ View on GitHub

$ npm install @replbridge/mcp-server

MCP tools

v0.1.0

Live on npm

MIT

Open source

Claude Desktop — ReplBridge connected

// You type this in Claude Desktop: You › Use ReplBridge to check workspace status.
// Claude calls the tool: ⚙ workspace_status → calling agent...
// Your Replit workspace responds: Claude › Here's your workspace: cwd: /home/runner/workspace stack: Node.js v24.13.0 git: main (3 unstaged changes)
You › Run npm run build and show me errors.
⚙ run_command → "npm run build" Claude › Build passed. Exit 0. 1.9s. tsc compiled clean — no errors.

// 01 — The Problem

AI can suggest.
ReplBridge lets it act.

Most AI tools fall into two buckets: safe but passive, or powerful but dangerous. ReplBridge is a third thing — controlled execution.

// Copilot / ChatGPT

Suggests code inline
Great autocomplete
Explains concepts
Can't touch your files
Can't run commands
Can't see git state
Doesn't know your Replit workspace

// ReplBridge
Reads and writes real files
Runs allowlisted commands
Checks git status + diff
Lives inside your Replit container
Auto-snapshots before every write
Soft deletes — nothing is permanent
Works alongside Copilot

🧠

Copilot writes code

Use Copilot for inline suggestions and autocomplete. That's what it's built for.

🔧

ReplBridge changes your codebase

ReplBridge lets Claude update 3 files, run tests, and report back what changed. Different layer, different job.

⚡

They work together

Claude via ReplBridge for system-level operations. Copilot for fast inline help. Two tools, two jobs.

▶

Demo video coming soon

// Replace this with your screen recording

// 02 — The Tools

9 tools. All tested.
All live on npm.

Every tool has been manually tested end-to-end against a live Replit workspace. Not a demo — a working product.

workspace_status

Stack detection, Node version, git branch, working directory.

list_files

Directory listing with sensitive paths automatically hidden.

read_file

Read any file up to 500KB. Secrets and .env files blocked.

write_file

Write a file. Previous version is auto-snapshotted before overwrite.

soft_delete_file

Moves to .replbridge/trash. Nothing is permanently deleted.

list_allowed_commands

Shows exactly what commands are permitted before running anything.

run_command

Execute allowlisted commands. npm build, test, lint. Python pytest.

git_status

See what's modified, staged, or untracked in your workspace.

git_diff

Line-by-line diff of unstaged changes. Know exactly what changed.

// 03 — Trust Infrastructure

Built for the question
every dev asks first.

"What happens when it makes a mistake?" ReplBridge answers that question before you have to ask it.

Path Jail

Symlink-proof path containment

Every file operation is resolved against the workspace root with both lexical and filesystem checks. Symlink escapes, path traversal, and ../../etc/passwd attacks are blocked at the layer before your code ever runs.

Command Allowlist

Exact-match only — no wildcards

Commands are allowlisted, not blocklisted. Only npm run build, npm test, git status, and a handful of others are permitted. Arbitrary shell execution is architecturally impossible.

Auto Snapshots

Every write is reversible

Before Claude overwrites any file, a timestamped snapshot is saved to .replbridge/snapshots/. You can always recover the previous version. No write is permanent until you decide it is.

Soft Delete

Trash, not nuke

Deleted files go to .replbridge/trash/ with a timestamp. Nothing is permanently removed. Recovering a "deleted" file is a copy operation, not a prayer to your backup system.

Token Auth

Timing-safe bearer authentication

Every request to the workspace agent requires a Bearer token, validated with crypto.timingSafeEqual. Timing attacks that try to brute-force the token character-by-character are not possible.

Secrets Blocked

Claude never sees your .env

.env, secrets, node_modules, .git, and other sensitive paths are blocked from listing, reading, and writing. They don't show up. They can't be touched.

// 04 — Questions

The questions devs actually ask.

No fluff. Direct answers.

Why would I use this when Copilot already exists?+

You wouldn't replace Copilot — you'd use both. Copilot helps you write code inline. ReplBridge lets Claude operate on your codebase: update files, run builds, check git across your project. These are different layers of the same workflow.

Why not just give the agent terminal access?+

No rollback. No visibility. No constraints. Full terminal access works for experiments. It doesn't scale to real projects, teams, or production code. ReplBridge gives Claude precisely what it needs and nothing more — with snapshots if something goes wrong.

Does this work with my existing Replit projects?+

Yes. The workspace agent deploys into any Replit project — Node.js, Python, or static HTML. Stack detection is automatic. No changes to your existing code are required.

Is the MCP server free to install?+

Yes. @replbridge/mcp-server is open source (MIT) and free on npm. The core tool will always be free. We're building a hosted cloud tier that will have a paid plan for power users and teams.

What happens when my Replit workspace goes to sleep?+

Claude will get an AGENT_UNREACHABLE error and tell you the workspace isn't responding. You wake up the Replit tab and try again. Our hosted cloud tier will solve this with persistent agent connections.

Why will this continue to be relevant as AI improves?+

Because AI is moving from suggesting to doing — and the harder problem is doing it safely. ReplBridge's security model — path jail, allowlists, snapshots, soft deletes — is trust infrastructure. That becomes more valuable as AI gets smarter, not less.

Give Claudehands insideReplit.

AI can suggest.ReplBridge lets it act.