playbooks

home / mcp / code sandbox mcp server

Code Sandbox MCP Server

Secure Docker-based MCP server for executing code in multiple languages with session persistence and strict isolation.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "timlikesai-code-sandbox-mcp": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "--interactive",
        "--network",
        "none",
        "ghcr.io/timlikesai/code-sandbox-mcp:latest"
      ]
    }
  }
}

You can run code securely in multiple languages inside a constrained Docker environment, using this MCP server to execute, test, and manage sessions across languages. It emphasizes isolation, automatic session persistence, and safe network handling, making it ideal for experimentation, education, and tooling that needs controlled code execution.

How to use

You interact with the MCP server through a client that communicates using the MCP protocol. Start a local or remote MCP client, connect to the server, and request code execution in your language of choice. Each language maintains its own isolated session so you can define functions, load libraries, and keep execution state between runs. Sessions expire after inactivity to keep resources available. You can reset sessions when you want a clean slate.

How to install

Prerequisites you need before starting: install Docker on your host.

Pull and run the pre-built MCP server image directly for quick start.

Command to pull and run the latest image:

Configuration and security considerations

You can run the MCP server with network isolation by using the network flag that disables all container networking. This ensures code cannot reach external sites or your local network unless you explicitly allow it. For higher security, you can additionally enable a read-only filesystem and strict privilege restrictions within the container.

Security

The MCP server emphasizes container isolation with resource limits, ephemeral filesystems, non-root execution, and automatic cleanup after each run. You can choose to disable network access by default and enable it only when you explicitly need features that require internet access.

Examples

To test basic execution without network access, you can run code in a single language and observe the isolated session behavior. For more advanced scenarios, enable network access temporarily to install packages or fetch data, then reset the session to maintain a clean environment for subsequent runs.

Testing and maintenance notes

All tests are designed to validate isolation, session management, and protocol compliance. Regularly build or pull the latest image, run unit tests, and verify that session data is correctly scoped per language and that cleanup happens after each run.

Available tools

execute_code

Execute code in a language with automatic session management and output capture, producing results conforming to the MCP protocol.

validate_code

Validate the syntax of code without executing it to catch errors early.

reset_session

Reset persisted sessions for one or more languages to start fresh execution contexts.