Ipybox
Let your agent run Python in a Docker-sandboxed IPython environment with controlled host dirs, outbound domains, and file transfer.
Overview
ipybox is a MCP server for the Build phase that runs sandboxed IPython Python in Docker with configurable dirs, domains, and file transfer for agents.
What is this MCP server?
- PyPI package ipybox via uvx with required mcp subcommand
- Docker-backed sandboxed Python and IPython execution
- Host filesystem gates via repeatable --allowed-dir flags
- Outbound network gates via repeatable --allowed-domain flags (domain, IP, or CIDR)
- Optional --container-tag and --container-env-var for image and env control
- PyPI identifier ipybox with runtimeHint uvx
- Required positional argument: mcp subcommand
- Configurable gates: repeated --allowed-dir and --allowed-domain flags
Community signal: 74 GitHub stars.
What problem does it solve?
You want your agent to execute real Python but cannot risk full host shell access or uncontrolled network egress.
Who is it for?
Builders extending Claude Code or Cursor with reproducible, policy-bound Python execution for prototypes and data chores.
Skip if: Anyone without Docker, or teams that need managed cloud notebooks with zero local container ops.
What do I get? / Deliverables
After configuring ipybox, your agent runs containerized Python with explicit allowlists and moves files through a governed execution path.
- Containerized Python/IPython runs invoked through MCP tools
- Controlled file transfer between host allowlisted paths and the sandbox
Recommended MCP Servers
Journey fit
Sandboxed execution is a build-time capability you wire into the agent stack before you rely on it in ship or operate loops. Agent-tooling is the shelf because ipybox exists to extend what coding agents can safely execute, not to host a production API by itself.
How it compares
Docker-sandboxed Python executor MCP, not a Grafana monitor or hosted anomaly API.
Common Questions / FAQ
Who is ipybox for?
Solo developers who use AI agents daily and need IPython execution with Docker isolation and explicit filesystem and network allowlists.
When should I use ipybox?
Use it while building agent workflows that must run Python, touch only approved host paths, and reach only approved domains.
How do I add ipybox to my agent?
Launch via uvx ipybox mcp with stdio in your MCP config, adding --allowed-dir and --allowed-domain as needed plus optional container image and env flags.