After seeing the Anthropic post and Cloudflare Code Mode, I decided to develop a Python implementation of it. My approach is a containerized solution that runs any Python code in a containerized sandbox. It automatically discovers current servers which are in your Claude Code config and wraps them in the Python tool calling wrapper.
Here is the GitHub link: https://github.com/elusznik/mcp-server-code-execution-mode
I wanted it to be as secure as possible:
Total Network Isolation: Uses --network none. The code has no internet or local network access.
Strict Privilege Reduction: Drops all Linux capabilities (--cap-drop ALL) and prevents privilege escalation (--security-opt no-new-privileges).
Non-Root Execution: Runs the code as the unprivileged ‘nobody’ user (--user 65534).
Read-Only Filesystem: The container’s root filesystem is mounted --read-only.
Anti-DoS: Enforces strict memory (--memory 512m), process (--pids-limit 128), and execution time limits to prevent fork bombs.
Safe I/O: Provides small, non-executable in-memory file systems (tmpfs) for the script and temp files.
It’s designed to be a “best-in-class” Level 2 (container-based) sandbox that you can easily add to your existing MCP setup. I’d love for you to check it out and give me any feedback, especially on the security model in the RootlessContainerSandbox class. It’s amateur work, but I tried my best to secure and test it.
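As an added example (not part of the original post and not the project's own code), the following audit checks a container launch command for the hardening options listed above and reports any that are missing or set to a weak value. The `docker run` prefix, image name, tmpfs path and size in the sample commands are assumptions; only long option forms are recognised, and arguments after the image name are not treated specially.

```python
import shlex

NNP = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

# option -> predicate over every value given for it on the command line
CHECKS = {
    "--network": lambda vs: all(v == "none" for v in vs),
    "--cap-drop": lambda vs: any(v.upper() == "ALL" for v in vs),
    "--security-opt": lambda vs: any(v in NNP for v in vs),
    "--user": lambda vs: all(v.split(":")[0] not in ("", "0", "root") for v in vs),
    "--read-only": lambda vs: all(v in ("", "true") for v in vs),
    "--memory": lambda vs: all(v not in ("", "0") for v in vs),
    "--pids-limit": lambda vs: all(v.isdigit() and int(v) > 0 for v in vs),
    "--tmpfs": lambda vs: all("noexec" in v.partition(":")[2].split(",") for v in vs),
}
FLAGS = {"--read-only"}  # options that take no separate value


def collect(argv):
    """Gather values for the audited options from '--opt value' or '--opt=value'."""
    seen, i = {}, 0
    while i < len(argv):
        name, eq, value = argv[i].partition("=")
        if name in CHECKS:
            if not eq and name not in FLAGS and i + 1 < len(argv):
                i += 1
                value = argv[i]
            seen.setdefault(name, []).append(value)
        i += 1
    return seen


def audit(command):
    """Return the sorted list of options that are missing or set to a weak value."""
    seen = collect(shlex.split(command))
    return sorted(o for o, ok in CHECKS.items() if o not in seen or not ok(seen[o]))


# Constructed sample commands; runtime, image name, tmpfs path and size are placeholders.
HARDENED = ("docker run --rm --network none --cap-drop ALL "
            "--security-opt no-new-privileges --user 65534 --read-only "
            "--memory 512m --pids-limit 128 "
            "--tmpfs /tmp:rw,noexec,nosuid,size=64m example/sandbox python /tmp/run.py")
WEAK = ("docker run --rm --network=host --cap-drop ALL --user 0:0 "
        "--read-only=false --memory 512m --tmpfs /tmp:rw,exec example/sandbox")

if __name__ == "__main__":
    print("hardened:", audit(HARDENED), "weak:", audit(WEAK))
```

A check like this can run in a unit test against the argument list the sandbox builds, so a later refactor that drops or weakens one of the options fails the test.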