概要
What is Secure Agent Workspace?
Secure Agent Workspace is a Model Context Protocol (MCP) server that provides a highly secure, containerized workspace for LLM agents. It allows agents to autonomously code, test, and debug in an isolated Docker sandbox, protecting the host machine.
How to use Secure Agent Workspace?
Pull or build the Docker image, then configure your MCP client (e.g., Claude Desktop) with a docker run command that includes resource limits, security options, and a volume mount to your project directory. Alternatively, use the OpenAI Agents SDK with an MCPServerStdio to invoke the server programmatically. Environment variables such as COMMAND_TIMEOUT and LOG_LEVEL can be set via Docker --env.
Key features of Secure Agent Workspace
- Full project lifecycle (uv init, add, run)
- Secure bash execution with timeouts
- Token-optimized output via RTK (60–90% savings)
- Path-traversal protected filesystem operations
- Multi-layer security (non-root, dropped capabilities, read-only)
- Precision editing with fuzzy matching and syntax validation
Use cases of Secure Agent Workspace
- Agents autonomously create, test, and debug code in a sandboxed environment
- Manage project dependencies using
uv addanduv run - Perform precise file edits with syntax validation to prevent broken code
- Search workspace for files using glob patterns, excluding high-noise directories
FAQ from Secure Agent Workspace
What runtime environment does Secure Agent Workspace require?
The server runs inside a Docker container. The host needs Docker Engine, and the container image can be pulled from GHCR or built locally.