playbooks

home / mcp / mcp server code execution mode mcp server

MCP Server Code Execution Mode MCP Server

An MCP server that executes Python code in isolated rootless containers with optional MCP server proxying. Implementation of Anthropic's and Cloudflare's ideas for reducing MCP tool definitions context bloat.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "elusznik-mcp-server-code-execution-mode": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/elusznik/mcp-server-code-execution-mode",
        "mcp-server-code-execution-mode",
        "run"
      ],
      "env": {
        "MCP_BRIDGE_IMAGE": "python:3.14-slim",
        "MCP_BRIDGE_RUNTIME": "podman",
        "MCP_BRIDGE_TIMEOUT": "30s",
        "MCP_BRIDGE_LOG_LEVEL": "INFO",
        "MCP_BRIDGE_STATE_DIR": "~/MCPs"
      }
    }
  }
}

You will run a secure, rootless code-execution bridge that proxies MCP servers inside isolated containers. This server lets your agent discover, query, and execute tools across many MCP endpoints by writing Python code in a sandbox, keeping per-invocation context small while still enabling powerful workflows.

How to use

Use the code-execution bridge as a single, universal tool that your agent talks to. The agent discovers available MCP servers on demand, queries their tool schemas only when needed, writes Python that orchestrates discovery and execution, and then the bridge proxies the actual tool calls inside a sandboxed container.

Typical usage patterns include: - Discovering which MCP servers exist and what tools they expose - Loading only the necessary tool documents for the server you plan to use - Writing a compact Python script that imports the generated MCP proxies and calls tools inside the sandbox - Keeping the system prompt small and letting the agent hydrate tool schemas on demand to avoid token bloat.

When you execute code, you can rely on persistent sessions so variables and imports survive across calls. You also get rootless containers with strict isolation, so untrusted code runs without risking your host system.

How to install

Prerequisites: ensure you have Python 3.11+ and a compatible runtime for containers.

1) Install the project runtime and dependencies 2) Start the bridge using the ready-made run command 3) Register the bridge with your MCP client so your agent can load the server configuration

Concrete commands from the setup flow are shown here. Run each line in sequence to prepare and launch the bridge.

uv sync

uvx --from git+https://github.com/elusznik/mcp-server-code-execution-mode mcp-server-code-execution-mode run

# If you prefer a local checkout
uv run python mcp_server_code_execution_mode.py

# Optional: bring your agent's config up to date with the MCP server
# Include the stdio config in your agent configuration file
{
  "mcpServers": {
    "mcp-server-code-execution-mode": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/elusznik/mcp-server-code-execution-mode",
        "mcp-server-code-execution-mode",
        "run"
      ],
      "env": {
        "MCP_BRIDGE_RUNTIME": "podman"
      }
    }
  }
}

Additional sections

Configuration details, security posture, and practical examples help you deploy and operate the bridge confidently. The bridge is designed for robust production use with rootless containers, strict isolation, and controlled resource limits.

Security features include rootless containers, no network access, a read-only filesystem, dropped capabilities, unprivileged user, and explicit resource caps. The bridge runs in a sandbox that prevents escalation or container escapes.

Configuration options cover environment variables, server discovery sources, and how to verify state sharing between the host and the container. You can relocate state with MCP_BRIDGE_STATE_DIR and tailor response formats with MCP_BRIDGE_OUTPUT_MODE.

Troubleshooting tips: - Ensure the container runtime is available and accessible - Verify there are no recursive configurations that would launch the bridge again - Check that the state directory is shared with the container runtime when needed - Use the capability and discovery helpers to sanity-check what the bridge has loaded

Available tools

run_python

Executes Python code inside a sandboxed MCP-enabled environment, loading requested MCP servers and proxies to run tools.

discovered_servers

Return a list of available MCP servers without loading full tool schemas.

list_servers

Return cached MCP servers loaded into the bridge.

query_tool_docs

Load tool schemas for a specific server on demand.

search_tool_docs

Fuzzy search across loaded servers to find tools matching a query.

capability_summary

Provide a concise description of what the bridge can do at a high level.

describe_server

Return detailed metadata for a selected MCP server, including its tools.

list_loaded_server_metadata

List metadata for all servers currently loaded in the active session.

list_tools_sync

Synchronous helper to list tools from a loaded server.

mcp_serena

Proxy for the Serena MCP server tooling accessed inside the sandbox.

mcp_filesystem

Access the filesystem-related MCP tools inside the sandbox.

mcp_google_drive

Interact with Google Drive documents through MCP tools.

mcp_salesforce

Update Salesforce records using MCP tools.

mcp_jira

Query Jira issues and fetch issue details via MCP tools.

mcp_github

Create GitHub issues or interact with GitHub via MCP tools.

mcp_runtime

Runtime helper utilities for tool invocation and orchestration.