A
securityA
licenseA
qualityA secure terminal execution server that enables controlled command execution with security features and resource limits via the Model Context Protocol (MCP).
Last updated -
1
12
1
JavaScript
MIT License
Allows deploying the PRIMS server in a containerized environment for isolation and reproducibility
Mentioned in the roadmap for future CI implementation, but not currently integrated
Provides a secure sandbox for executing arbitrary Python code, installing packages, and managing virtual environments
PRIMS – Python Runtime Interpreter MCP Server
PRIMS is a tiny open-source Model Context Protocol (MCP) server that lets LLM agents run arbitrary Python code in a secure, throw-away sandbox.
• One tool, one job. Exposes a single MCP tool – run_code – that executes user-supplied Python and streams back stdout / stderr.
• Isolated & reproducible. Each call spins up a fresh virtual-env, installs any requested pip packages, mounts optional read-only files, then nukes the workspace.
• Zero config. Works over MCP/stdio or drop it in Docker.
Quick-start
1. Local development environment
2. Launch the server
3. Docker
Examples
List available tools
You can use the provided script to list all tools exposed by the server:
Expected output (tool names and descriptions may vary):
Run code via the MCP server
Mount a dataset once & reuse it
This mounts a CSV with mount_file and then reads it inside run_code without re-supplying the URL.
Inspect your session workspace
This shows how to use the list_dir and preview_file tools to browse files your code created.
Persist an artifact to permanent storage
The persist_artifact tool uploads a file from your output/ directory to a presigned URL.
Example (Python):
Download an artifact
Small artifacts can be fetched directly:
Available tools
| Tool | Purpose |
|---|---|
run_code | Execute Python in an isolated sandbox with optional pip deps. |
list_dir | List files/directories inside your session workspace. |
preview_file | Return up to 8 KB of a text file for quick inspection. |
persist_artifact | Upload an output/ file to a client-provided presigned URL. |
mount_file | Download a remote file once per session to mounts/<path>. |
See the examples/ directory for end-to-end demos.
Contributing
Contributions are welcome! Feel free to open issues, suggest features, or submit pull requests to help improve PRIMS.
If you find this project useful, please consider leaving a ⭐ to show your support.
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
PRIMS is a lightweight, open-source Model Context Protocol (MCP) server that lets LLM agents safely execute arbitrary Python code in a secure, throw-away sandbox.
Related MCP Servers
- -securityFlicense-qualityA Model Context Protocol server implementation that enables seamless integration with Claude and other MCP-compatible clients to access Prem AI's language models, RAG capabilities, and document management features.Last updated -JavaScript
mcp-run-pythonofficial
-securityAlicense-qualityModel Context Protocol server to run Python code in a sandbox.Last updated -1,46210,593PythonMIT License- AsecurityAlicenseAqualityPostgres Pro is an open source Model Context Protocol (MCP) server built to support you and your AI agents throughout the entire development process—from initial coding, through testing and deployment, and to production tuning and maintenance.Last updated -9228PythonMIT License