MCP Sandbox
@danstarns
Turn any JavaScript module into a sandboxed MCP (Model Context Protocol) server with automatic reflection and type inference.
Overview
What is MCP Sandbox?
MCP Sandbox automatically converts JavaScript modules into MCP (Model Context Protocol) compatible servers, making any JavaScript function accessible to AI systems. It uses VM sandboxing for security, automatic type inference, and generates proper MCP configurations. It is for developers who want to expose JavaScript functions as tools for AI models without writing MCP server code manually.
How to use MCP Sandbox?
Install globally with npm install -g @mcp-sandbox/cli and run mcp-sandbox start <module> to start an MCP server for any JavaScript module. The server runs at http://localhost:3000 by default, and tools are automatically discovered from exported functions in the module.
Key features of MCP Sandbox
- Automatic reflection of JavaScript modules and function signatures
- Secure sandboxing with VM isolation and configurable timeouts
- Smart type inference from parameter defaults and naming patterns
- JSDoc integration for extracting documentation from comments
- Full JSON-RPC 2.0 and SSE protocol support
- Legacy REST API endpoints for easy testing
Use cases of MCP Sandbox
- Expose math or string utility functions as AI-callable tools
- Turn any Node.js module into a server for MCP-compatible agents
- Provide a secure sandbox for running untrusted JavaScript functions
- Rapidly prototype MCP tools without writing boilerplate server code
FAQ from MCP Sandbox
What is MCP Sandbox and what problem does it solve?
MCP Sandbox automatically converts JavaScript modules into MCP compatible servers, eliminating the need to manually write MCP server code for exposing functions to AI systems.
What are the runtime requirements and how do I install it?
Requires Node.js and npm. Install globally with npm install -g @mcp-sandbox/cli or add packages @mcp-sandbox/core and @mcp-sandbox/cli to a project.
What security measures does MCP Sandbox provide?
It provides VM isolation, configurable execution timeouts, memory limits (default 64MB), controlled require access in the sandbox, and input validation on parameters.
What transports and protocols are supported?
Full MCP protocol (JSON-RPC 2.0) via POST /mcp/jsonrpc, SSE via GET /sse, and legacy REST endpoints for testing including GET /tools and POST /execute/:toolName.