Codebox is an MCP Server designed to run commands inside Docker containers, enabling an agent to safely modify your project files while preventing access to the rest of your computer.
npm install -g @codespin/codeboxcodebox startFor LibreChat:
mcpServers:
codebox:
type: stdio
command: codebox
args:
- start
timeout: 30000 # 30-second timeout for commands
initTimeout: 10000 # 10-second timeout for initialization# Initialize OAuth credentials first (creates .env file)
codebox init
# Start with HTTP transport and OAuth authentication
codebox start --http
# Or without authentication (for development)
codebox start --http --no-authOptions
| Flag | Default | Purpose |
|---|---|---|
--http |
false |
Enable HTTP streaming transport |
--no-auth |
false |
Disable OAuth authentication (HTTP mode only) |
--host |
127.0.0.1 |
Host to bind |
--port |
13014 |
Port to listen on |
--allowed-origins |
http://localhost:<port> |
Allowed origins for CORS (* to allow all) |
--idle-timeout |
1800000 (30 minutes) |
Auto-close idle HTTP sessions after milliseconds |
The HTTP endpoint is
/mcp. An MCP client (e.g.@modelcontextprotocol/sdk'sStreamableHTTPClientTransport) should send the initialize request, receive amcp-session-idheader, and include that header on subsequent requests.
When running in HTTP mode, Codebox supports OAuth 2.1 authentication with the following features:
- Discovery Endpoints:
/.well-known/oauth-authorization-serverand/.well-known/oauth-protected-resource - Dynamic Client Registration:
POST /register - Authorization Code Flow with PKCE:
GET/POST /authorize(S256 required) - Token Endpoint:
POST /token(authorization_code, refresh_token, client_credentials grants)
To initialize OAuth credentials:
codebox init # Creates .env with CLIENT_ID and CLIENT_SECRET
codebox init --force # Overwrites existing .envRegister a workspace directory with Codebox:
# Using a Docker image
codebox workspace add [dirname] --image <image_name> [options]
# Using an existing container
codebox workspace add [dirname] --container <container_name> [options]Common options:
| Flag | Purpose |
|---|---|
--image <name> |
Docker image to use for new containers |
--container <name> |
Name of an existing Docker container to exec into |
--name <workspace> |
Custom name for the workspace (defaults to the directory name) |
--containerPath <p> |
Path inside the container to mount the workspace (default /workspace) |
--network <net> |
Docker network to connect the container to (useful in Docker Compose environments) |
--copy |
Copy workspace files to a temporary directory before mounting |
--idle-timeout <ms> |
Timeout in milliseconds before automatically closing idle workspace tokens (0 to disable) |
--run-template <tpl> |
Custom template for docker run commands |
--exec-template <tpl> |
Custom template for docker exec commands |
Examples:
# Register current directory, auto-close tokens after 5 min idle
codebox workspace add --image node:18 --idle-timeout 300000
# Register with copy mode and custom run template
codebox workspace add /path/to/app --image node:18 --copy \
--run-template "docker run -i --rm -v \"{{path}}:{{containerPath}}\" --workdir=\"{{containerPath}}\" --user={{uid}}:{{gid}} {{image}} /bin/sh -c \"{{command}}\""codebox workspace list# Remove by name
codebox workspace remove my-workspace-name
# Remove by path
codebox workspace remove /path/to/workspace
# Remove current directory
codebox workspace removeCodebox implements the Model Context Protocol (MCP). AI assistants can:
- List workspaces using the
list_workspacestool. - Open a workspace via
open_workspace; returns a workspace token (and a temp copy ifcopy=true). - Execute commands with
execute_commandorexecute_batch_commands, passing the token. - Write files with
write_fileorwrite_batch_files. - Close the workspace with
close_workspace; cleans up any temporary directories immediately.
Workspace tokens may be closed automatically after their
idleTimeoutexpires; clients should handle token expiration and re-open if necessary.
list_workspaces- List all registered workspacesopen_workspace- Open a workspace and get a tokenclose_workspace- Close a workspace token
write_file- Write or append to a filewrite_batch_files- Write multiple files in one request
execute_command- Execute a command in the workspace containerexecute_batch_commands- Execute multiple commands in sequence
Workspaces are stored in ~/.codespin/codebox.json:
{
"workspaces": [
{
"name": "my-node-app",
"path": "/home/user/workspaces/my-node-app",
"containerPath": "/my-project",
"image": "node:18",
"network": "my_compose_network",
"copy": true,
"idleTimeout": 300000,
"runTemplate": "docker run -i --rm -v \"{{path}}:{{containerPath}}\" --workdir=\"{{containerPath}}\" {{image}} /bin/sh -c \"{{command}}\""
}
],
"debug": true
}Fields
name: Identifier for the workspacepath: Host path to the workspace directorycontainerPath: (Optional) Path inside container (defaults to/workspace)image: Docker image for new containerscontainerName: Name of an existing containernetwork: Docker network to joincopy: Whentrue, creates a temp copy before mountingidleTimeout: Timeout in ms before auto-closing tokens (0 = disabled; default 600 000)runTemplate,execTemplate: Custom command templatesdebug: Whentrue, enables verbose MCP logging under~/.codespin/logs/
When you enable copy mode with --copy, Codebox will:
- Create a temporary copy of your workspace directory
- Mount this temporary copy in the container instead of your original files
- Run commands on the copy, so your original source files are never modified
- Clean up the temporary directory when the workspace token is closed or the idle-timeout fires
Copy mode is useful for:
- Testing destructive operations safely
- Preventing accidental modifications to your source code
- Executing commands that might create temporary or build files
- Avoiding permission issues with mounted volumes
Note: Copy mode only works with Docker images (--image), not existing containers (--container).
When using --run-template with a workspace that uses --image, you can use these variables:
{{image}}— The Docker image name{{path}}— The host directory path{{containerPath}}— The path inside the container{{command}}— The command to execute (escaped){{network}}— The Docker network, if specified{{uid}},{{gid}}— Host user/group IDs for--user
When using --exec-template with a workspace that uses --container, you can use these variables:
{{containerName}}— The container name{{containerPath}}— The working directory inside the container{{command}}— The command to execute (escaped){{uid}},{{gid}}— Host user/group IDs for--user
-
Alternative container runtime
codebox workspace add --image alpine:latest \ --run-template "podman run -i --rm -v {{path}}:{{containerPath}} {{image}} sh -c \"{{command}}\"" -
Custom Docker options
codebox workspace add --image node:18 \ --run-template "docker run -i --rm -v \"{{path}}:{{containerPath}}\" --workdir=\"{{containerPath}}\" --memory=512m --cpus=0.5 {{image}} /bin/sh -c \"{{command}}\""
- HTTP / CORS — If you see
Origin not allowed, adjust--allowed-origins(or use*in dev). - OAuth errors — Run
codebox initto generate credentials, or use--no-authfor development. - Debug logging — Set
"debug": truein~/.codespin/codebox.json; logs appear in~/.codespin/logs/<YYYY-MM-DD>.log. - Docker connectivity — Ensure Docker is running, you have proper permissions, and specified containers/networks exist.
- Idle workspace closed — If tokens disappear, increase or disable their
idleTimeout.
MIT