MCP.so
登录

Secure Agent Workspace

@HrRodan

关于 Secure Agent Workspace

A sandboxed, agentic workspace providing secure filesystem, bash, and uv-powered Python execution.

基本信息

分类

AI 与智能体

运行时

python

传输方式

stdio

发布者

HrRodan

提交者

Martin

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "agent-workspace-mcp": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--init",
        "--memory=2g",
        "--cpus=2.0",
        "--pids-limit=256",
        "--cap-drop=ALL",
        "--security-opt=no-new-privileges:true",
        "--read-only",
        "--tmpfs",
        "/tmp:size=64m",
        "--tmpfs",
        "/home/mcpuser/.cache:size=512m",
        "--user",
        "1000:1000",
        "-v",
        "/path/to/your/projects:/workspace",
        "ghcr.io/hrrodan/agent-workspace-mcp:latest"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Secure Agent Workspace?

Secure Agent Workspace is a Model Context Protocol (MCP) server that provides a highly secure, containerized workspace for LLM agents. It allows agents to autonomously code, test, and debug in an isolated Docker sandbox, protecting the host machine.

How to use Secure Agent Workspace?

Pull or build the Docker image, then configure your MCP client (e.g., Claude Desktop) with a docker run command that includes resource limits, security options, and a volume mount to your project directory. Alternatively, use the OpenAI Agents SDK with an MCPServerStdio to invoke the server programmatically. Environment variables such as COMMAND_TIMEOUT and LOG_LEVEL can be set via Docker --env.

Key features of Secure Agent Workspace

  • Full project lifecycle (uv init, add, run)
  • Secure bash execution with timeouts
  • Token-optimized output via RTK (60–90% savings)
  • Path-traversal protected filesystem operations
  • Multi-layer security (non-root, dropped capabilities, read-only)
  • Precision editing with fuzzy matching and syntax validation

Use cases of Secure Agent Workspace

  • Agents autonomously create, test, and debug code in a sandboxed environment
  • Manage project dependencies using uv add and uv run
  • Perform precise file edits with syntax validation to prevent broken code
  • Search workspace for files using glob patterns, excluding high-noise directories

FAQ from Secure Agent Workspace

What runtime environment does Secure Agent Workspace require?

The server runs inside a Docker container. The host needs Docker Engine, and the container image can be pulled from GHCR or built locally.

How does Secure Agent Workspace protect the host system?

评论

AI 与智能体 分类下的更多 MCP 服务器