Safe-DOCX is a local MCP server for surgically editing existing .docx files. It preserves formatting, generates tracked-changes redlines, and — once installed — runs entirely on the local filesystem with zero network activity.
Safe-DOCX is fully open source (MIT license). Review the complete source before installing:
npm view @usejunior/safe-docx scripts shows no postinstall or install hooksAll security claims below are verifiable by reading the source.
Safe-DOCX requires these binaries to be available on the host:
| Binary | Minimum version | Why |
|---|---|---|
| -------- | ----------------- | ----- |
node | 18.0.0 | Authoritative version from packages/safe-docx/package.json engines field |
npx | Bundled with npm | Used by the recommended MCP connector to launch the server |
If you prefer not to use npx, see Offline / Pinned Installation below for alternatives.
Safe-DOCX's safety model has two distinct phases: install time (when the package is fetched) and runtime (when the MCP server is running).
npx -y @usejunior/safe-docx downloads the package from registry.npmjs.org on first run. Subsequent runs use the cached copy unless the cache is cleared.postinstall, preinstall, or install hooks. Verify with npm view @usejunior/safe-docx scripts.--provenance), so you can verify the package was built from the public GitHub repo via GitHub Actions.src/server.ts) uses StdioServerTransport with no HTTP listener. (source)grep -r "fetch\|http\.\|https\.\|net\." packages/safe-docx/src/ returns no matches in application code (test fixtures excluded).~/ (home directory) and system temp directories are accessible. Symlinks must resolve to allowed roots..docx inputs.For high-security environments where npx auto-fetch is unacceptable, install the package manually and pin the version:
# Option 1: Pin a specific version globally
npm install -g @usejunior/safe-docx@0.9.0
# Then configure your MCP client to invoke it by path:
# command: "safe-docx"
# args: []
# Option 2: Vendor the package into your project
npm pack @usejunior/safe-docx@0.9.0
# Inspect the tarball, then install it from disk:
npm install -g ./usejunior-safe-docx-0.9.0.tgz
# Option 3: Build from source (most auditable)
git clone https://github.com/UseJunior/safe-docx.git
cd safe-docx
git checkout <release-tag>
npm ci
npm run build
npm link packages/safe-docx
After any of these, your MCP client config becomes:
{
"mcpServers": {
"safe-docx": {
"command": "safe-docx",
"args": []
}
}
}
Using command: "safe-docx" (the installed binary) instead of command: "npx" eliminates the install-time network fetch on every invocation.
Even with npx, you can pin the version to prevent unexpected updates:
{
"mcpServers": {
"safe-docx": {
"command": "npx",
"args": ["-y", "@usejunior/safe-docx@0.9.0"]
}
}
}
Before upgrading, review the changelog: https://github.com/UseJunior/safe-docx/blob/main/CHANGELOG.md
Use Safe-DOCX when you need to:
.docx.docx files into a redlineSafe-DOCX edits already-existing .docx files — it does not create documents from blank. For new document generation, use a template-filling workflow (e.g. OpenAgreements). Safe-DOCX can refine generated docs downstream.
1. read_file(file_path="~/doc.docx") → see paragraphs + _bk_* IDs
2. grep(file_path="~/doc.docx", patterns=["target phrase"]) → find paragraph IDs
3. replace_text(session_id, target_paragraph_id, old_string, new_string, instruction)
4. save(session_id, save_to_local_path="~/doc-edited.docx")
Step 1 — Read. Call read_file with format: "toon" (token-efficient table) to see paragraphs and their stable _bk_* IDs.
Step 2 — Locate. Use grep with regex patterns to find target paragraphs. It returns paragraph IDs with surrounding context.
Step 3 — Edit. Use replace_text to swap text within a paragraph, or insert_paragraph to add new paragraphs before/after an anchor.
Step 4 — Save. Call save to write output. Default is save_format: "both" which produces a clean copy and a tracked-changes redline.
replace_text needs old_string to match exactly one location in the target paragraph. If the text appears multiple times, you get MULTIPLE_MATCHES. Fix: include more surrounding context in old_string.
BAD: old_string: "the Company" → 5 matches, fails
GOOD: old_string: "the Company shall indemnify" → 1 match, succeeds
read_file shows footnotes as [^1], [^2], etc., but these markers are not part of the editable text. You cannot search for or replace [^1] via replace_text. To modify footnotes, use the dedicated add_footnote, update_footnote, and delete_footnote tools.
read_file shows links as text, but you cannot create new hyperlinks via replace_text or insert_paragraph. The tag is stripped from new text. Existing hyperlinks are preserved when surrounding text is edited.
The _bk_* bookmark IDs are generated when a document is opened and are tied to that session. Do not store or reuse IDs across sessions. Always re-read the document to get fresh IDs.
replace_text is tolerant of:
", curly \u201c\u201d, angle \u00ab\u00bb all match each otherThis means you can copy text from read_file output and use it in old_string even if the underlying XML uses different quote characters.
When writing new_string in replace_text or insert_paragraph, use inline tags to apply formatting:
| Tag | Effect |
|---|---|
| ----- | -------- |
text | Bold |
text | Italic |
text | Underline |
| Yellow highlight |
Tags can be nested: bold italic. Formatting from the original matched text is preserved for untagged replacement text.
For 3+ edits on one document, prefer apply_plan over sequential replace_text calls. It validates all steps before applying any, so you get all-or-nothing transactional semantics.
1. read_file / grep → gather paragraph IDs and text
2. apply_plan(file_path, steps=[
{ step_id: "1", operation: "replace_text", target_paragraph_id, old_string, new_string, instruction },
{ step_id: "2", operation: "insert_paragraph", positional_anchor_node_id, new_string, instruction },
...
])
3. save(session_id, save_to_local_path)
insert_paragraph adds new content before or after an anchor paragraph.
position: "BEFORE" or "AFTER" (default "AFTER")style_source_id: optional _bk_* ID of a paragraph whose formatting you want to clone\n\n in new_string (each becomes its own paragraph)Comments: add_comment anchors to a paragraph (optionally to a text span via anchor_text). Use get_comments to list, delete_comment to remove. Supports threaded replies via parent_comment_id.
Footnotes: add_footnote inserts a footnote marker in a paragraph (optionally after specific text via after_text). Use get_footnotes, update_footnote, delete_footnote to manage.
Two modes:
compare_documents(original_file_path, revised_file_path, save_to_local_path) — produces a redlinecompare_documents(session_id) — compares current session state against the originalUse extract_revisions on any document with tracked changes to get structured JSON diffs.
Call accept_changes(session_id) to flatten all tracked changes into a clean document. This removes all revision markup.
file_path with any toolclear_session to clean up when doneformat_layout applies paragraph spacing, table row height, and cell padding without touching text content. Units are in twips (1/20 of a point) or DXA (1/635 of an inch).
By default, only files under ~/ (home directory) and system temp directories are accessible. Symlinks must resolve to allowed roots.
open-agreements) — fill standard legal templates (NDAs, SAFEs, cloud service agreements) and produce signable DOCX files: clawhub install open-agreements/open-agreementsoutlook-email-management) — manage Outlook email with AI agents: clawhub install stevenobiajulu/outlook-email-managementFor MCP server setup instructions (Claude Desktop, Cursor, Claude Code), see CONNECTORS.md.
If this skill helped, star us on GitHub: https://github.com/UseJunior/safe-docx
On ClawHub: clawhub star usejunior/docx-editing
共 2 个版本