MCP.so
Sign In

Secure Agent Workspace

@HrRodan

About Secure Agent Workspace

A sandboxed, agentic workspace providing secure filesystem, bash, and uv-powered Python execution.

Basic information

Category

AI & Agents

Runtime

python

Transports

stdio

Publisher

HrRodan

Submitted by

Martin

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "agent-workspace-mcp": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--init",
        "--memory=2g",
        "--cpus=2.0",
        "--pids-limit=256",
        "--cap-drop=ALL",
        "--security-opt=no-new-privileges:true",
        "--read-only",
        "--tmpfs",
        "/tmp:size=64m",
        "--tmpfs",
        "/home/mcpuser/.cache:size=512m",
        "--user",
        "1000:1000",
        "-v",
        "/path/to/your/projects:/workspace",
        "ghcr.io/hrrodan/agent-workspace-mcp:latest"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Secure Agent Workspace?

Secure Agent Workspace is a Model Context Protocol (MCP) server that provides a highly secure, containerized workspace for LLM agents. It allows agents to autonomously code, test, and debug in an isolated Docker sandbox, protecting the host machine.

How to use Secure Agent Workspace?

Pull or build the Docker image, then configure your MCP client (e.g., Claude Desktop) with a docker run command that includes resource limits, security options, and a volume mount to your project directory. Alternatively, use the OpenAI Agents SDK with an MCPServerStdio to invoke the server programmatically. Environment variables such as COMMAND_TIMEOUT and LOG_LEVEL can be set via Docker --env.

Key features of Secure Agent Workspace

  • Full project lifecycle (uv init, add, run)
  • Secure bash execution with timeouts
  • Token-optimized output via RTK (60–90% savings)
  • Path-traversal protected filesystem operations
  • Multi-layer security (non-root, dropped capabilities, read-only)
  • Precision editing with fuzzy matching and syntax validation

Use cases of Secure Agent Workspace

  • Agents autonomously create, test, and debug code in a sandboxed environment
  • Manage project dependencies using uv add and uv run
  • Perform precise file edits with syntax validation to prevent broken code
  • Search workspace for files using glob patterns, excluding high-noise directories

FAQ from Secure Agent Workspace

What runtime environment does Secure Agent Workspace require?

The server runs inside a Docker container. The host needs Docker Engine, and the container image can be pulled from GHCR or built locally.

How does Secure Agent Workspace protect the host system?

Comments

More AI & Agents MCP servers