Merge pull request #39 from cloudflare/csparks/add-container-mcp

Add container MCP server

Author: cmsparks

.eslintrc.cjs

@@ -1,9 +1,6 @@
 // This configuration only applies to the package manager root.
 /** @type {import("eslint").Linter.Config} */
 module.exports = {
-	ignorePatterns: [
-		'apps/**',
-		'packages/**',
-	],
-	extends: ['@repo/eslint-config/default.cjs']
+	ignorePatterns: ['apps/**', 'packages/**'],
+	extends: ['@repo/eslint-config/default.cjs'],
 }

.vscode/extensions.json

@@ -3,10 +3,7 @@
 	// Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
 
 	// List of extensions which should be recommended for users of this workspace.
-	"recommendations": [
-		"esbenp.prettier-vscode",
-		"dbaeumer.vscode-eslint",
-	],
+	"recommendations": ["esbenp.prettier-vscode", "dbaeumer.vscode-eslint"],
 	// List of extensions recommended by VS Code that should not be recommended for users of this workspace.
 	"unwantedRecommendations": []
 }

.vscode/settings.json

@@ -13,11 +13,11 @@
 		"**/packages/tools/bin/*": "shellscript",
 		"**/*.css": "tailwindcss",
 		"turbo.json": "jsonc",
-		"**/packages/typescript-config/*.json": "jsonc",
+		"**/packages/typescript-config/*.json": "jsonc"
 	},
 	"eslint.workingDirectories": [
 		{
 			"mode": "auto"
 		}
-	],
+	]
 }

README.md

@@ -4,14 +4,14 @@ Model Context Protocol (MCP) is a [new, standardized protocol](https://modelcont
 
 This lets you use Claude Desktop, or any MCP Client, to use natural language to accomplish things on your Cloudflare account, e.g.:
 
-* `List all the Cloudflare workers on my <some-email>@gmail.com account.`
-* `Can you tell me about any potential issues on this particular worker '...'?`
+- `List all the Cloudflare workers on my <some-email>@gmail.com account.`
+- `Can you tell me about any potential issues on this particular worker '...'?`
 
 ## Access the remote MCP server from Claude Desktop
 
 Open Claude Desktop and navigate to Settings -> Developer -> Edit Config. This opens the configuration file that controls which MCP servers Claude can access.
 
-Replace the content with the following configuration. Once you restart Claude Desktop, a browser window will open showing your OAuth login page. Complete the authentication flow to grant Claude access to your MCP server. After you grant access, the tools will become available for you to use. 
+Replace the content with the following configuration. Once you restart Claude Desktop, a browser window will open showing your OAuth login page. Complete the authentication flow to grant Claude access to your MCP server. After you grant access, the tools will become available for you to use.
 
 ```
 {
@@ -44,17 +44,20 @@ Ensure your Cloudflare account has the necessary subscription level for the feat
 ## Features
 
 ### Workers Management
+
 - `worker_list`: List all Workers in your account
 - `worker_get_worker`: Get a Worker's script content
 
 ### Workers Logs
+
 - `worker_logs_by_worker_name`: Analyze recent logs for a Cloudflare Worker by worker name
 - `worker_logs_by_ray_id`: Analyze recent logs across all workers for a specific request by Cloudflare Ray ID
 - `worker_logs_keys`: Get available telemetry keys for a Cloudflare Worker
 
 ## Developing
 
 ### Apps
+
 - [workers-observability](apps/workers-observability/): The Workers Observability MCP server
 
 ### Packages

apps/sandbox-container/Dockerfile

@@ -0,0 +1,59 @@
+# Use an official Ubuntu as a base image
+FROM ubuntu:20.04
+
+# Set non-interactive mode to avoid prompts during package installation
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Use bash for the shell
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Update and install useful CLI utilities
+RUN apt-get update && apt-get install -y \
+    curl \
+    git \
+    htop \
+    vim \
+    wget \
+    net-tools \
+    build-essential \
+    nmap \
+    sudo \
+    ca-certificates \
+    lsb-release \
+    nodejs \
+    npm \
+    python3 \
+    python3-pip \
+    && apt-get clean
+
+RUN pip3 install matplotlib numpy pandas
+
+# Install Node.js and Corepack
+RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+    && apt-get install -y nodejs \
+    && corepack enable
+
+# ENV NODE_VERSION 22.14.0
+
+# Download and install nvm
+# RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh | PROFILE="${BASH_ENV}" bash
+# RUN echo node > .nvmrc
+# RUN nvm install $NODE_VERSION
+# RUN nvm use $NODE_VERSION
+
+# Set working directory
+WORKDIR /app
+
+# Expose the port your Node.js server will run on
+EXPOSE 8080
+
+COPY . ./
+
+RUN npm i
+
+# add node and npm to path so the commands are available
+# ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
+# ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
+
+# Default command (run your Node.js server here)
+CMD ["npm", "run", "start:container"]

apps/sandbox-container/README.md

@@ -0,0 +1,59 @@
+# Container MCP Server
+
+This is a simple MCP-based interface for a sandboxed development environment.
+
+## Local dev
+
+Currently a work in progress. Cloudchamber local dev isn't implemented yet, so we are doing a bit of a hack to just run the server in your local environment.
+
+TODO: replace locally running server with the real docker container.
+
+## Deploying
+
+1. Make sure the docker daemon is running
+
+2. Disable WARP and run
+
+```
+npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/14387504770/npm-package-wrangler-8740 deploy
+```
+
+3. Add to your Claude config. If using with Claude, you'll need to disable WARP:
+
+```
+{
+    "mcpServers": {
+        "container": {
+            "command": "npx",
+            "args": [
+                "mcp-remote",
+                // this is my deployed instance
+                "https://container-starter-2.cmsparks.workers.dev/sse"
+            ]
+        }
+    }
+}
+```
+
+## Tools
+
+- `container_initialize`: (Re)start a container. Containers are intended to be ephemeral and don't save any state. Containers are only guaranteed to last 10m (this is just because I have a max of like ~5 containers per account).
+- `container_ping`: Ping a container for connectivity
+- `container_exec`: Run a command in the shell
+- `container_files_write`: Write to a file
+- `container_files_list`: List all files in the work directory
+- `container_file_read`: Read the contents of a single file or directory
+
+## Resources
+
+TODO
+
+Tried implementing these, but MCP clients don't support resources well at all.
+
+## Prompts
+
+TODO
+
+## Container support
+
+The container currently runs python and node. It's connected to the internet and LLMs can install whatever packages.

apps/sandbox-container/container/index.ts

@@ -0,0 +1,169 @@
+import { exec } from 'node:child_process'
+import * as fs from 'node:fs/promises'
+import path from 'node:path'
+import { serve } from '@hono/node-server'
+import { zValidator } from '@hono/zod-validator'
+import { Hono } from 'hono'
+import { streamText } from 'hono/streaming'
+import mime from 'mime'
+
+import { ExecParams, FileList, FilesWrite } from '../shared/schema.ts'
+
+process.chdir('workdir')
+
+const app = new Hono()
+
+app.get('/ping', (c) => c.text('pong!'))
+
+/**
+ * GET /files/ls
+ *
+ * Gets all files in a directory
+ */
+app.get('/files/ls', async (c) => {
+	const directoriesToRead = ['.']
+	const files: FileList = { resources: [] }
+
+	while (directoriesToRead.length > 0) {
+		const curr = directoriesToRead.pop()
+		if (!curr) {
+			throw new Error('Popped empty stack, error while listing directories')
+		}
+		const fullPath = path.join(process.cwd(), curr)
+		const dir = await fs.readdir(fullPath, { withFileTypes: true })
+		for (const dirent of dir) {
+			const relPath = path.relative(process.cwd(), `${fullPath}/${dirent.name}`)
+			if (dirent.isDirectory()) {
+				directoriesToRead.push(dirent.name)
+				files.resources.push({
+					uri: `file:///${relPath}`,
+					name: dirent.name,
+					mimeType: 'inode/directory',
+				})
+			} else {
+				const mimeType = mime.getType(dirent.name)
+				files.resources.push({
+					uri: `file:///${relPath}`,
+					name: dirent.name,
+					mimeType: mimeType ?? undefined,
+				})
+			}
+		}
+	}
+
+	return c.json(files)
+})
+
+/**
+ * GET /files/contents/{filepath}
+ *
+ * Get the contents of a file or directory
+ */
+app.get('/files/contents/*', async (c) => {
+	let reqPath = c.req.path.replace('/files/contents', '')
+	reqPath = reqPath.endsWith('/') ? reqPath.substring(0, reqPath.length - 1) : reqPath
+	try {
+		const mimeType = mime.getType(reqPath)
+		const headers = mimeType ? { 'Content-Type': mimeType } : undefined
+		const contents = await fs.readFile(path.join(process.cwd(), reqPath))
+		return c.newResponse(contents, 200, headers)
+	} catch (e: any) {
+		if (e.code) {
+			// handle directory
+			if (e.code === 'EISDIR') {
+				const files: string[] = []
+				const dir = await fs.readdir(path.join(process.cwd(), reqPath), {
+					withFileTypes: true,
+				})
+				for (const dirent of dir) {
+					const relPath = path.relative(process.cwd(), `${reqPath}/${dirent.name}`)
+					if (dirent.isDirectory()) {
+						files.push(`file:///${relPath}`)
+					} else {
+						const mimeType = mime.getType(dirent.name)
+						files.push(`file:///${relPath}`)
+					}
+				}
+				return c.newResponse(files.join('\n'), 200, {
+					'Content-Type': 'inode/directory',
+				})
+			}
+
+			if (e.code === 'ENOENT') {
+				return c.notFound()
+			}
+		}
+
+		throw e
+	}
+})
+
+/**
+ * POST /files/contents
+ *
+ * Create or update file contents
+ */
+app.post('/files/contents', zValidator('json', FilesWrite), async (c) => {
+	const file = c.req.valid('json')
+	const reqPath = file.path.endsWith('/') ? file.path.substring(0, file.path.length - 1) : file.path
+	try {
+		await fs.writeFile(reqPath, file.text)
+		return c.newResponse(null, 200)
+	} catch (e) {
+		return c.newResponse(`Error: ${e}`, 400)
+	}
+})
+
+/**
+ * POST /exec
+ *
+ * Execute a command in a shell
+ */
+app.post('/exec', zValidator('json', ExecParams), (c) => {
+	const execParams = c.req.valid('json')
+	const proc = exec(execParams.args)
+	return streamText(c, async (stream) => {
+		return new Promise(async (resolve, reject) => {
+			if (proc.stdout) {
+				// Stream data from stdout
+				proc.stdout.on('data', async (data) => {
+					await stream.write(data.toString())
+				})
+			} else {
+				await stream.write('WARNING: no stdout stream for process')
+			}
+
+			if (execParams.streamStderr) {
+				if (proc.stderr) {
+					proc.stderr.on('data', async (data) => {
+						await stream.write(data.toString())
+					})
+				} else {
+					await stream.write('WARNING: no stderr stream for process')
+				}
+			}
+
+			// Handle process exit
+			proc.on('exit', async (code) => {
+				await stream.write(`Process exited with code: ${code}`)
+				if (code === 0) {
+					stream.close()
+					resolve()
+				} else {
+					console.error(`Process exited with code ${code}`)
+					reject(new Error(`Process failed with code ${code}`))
+				}
+			})
+
+			proc.on('error', (err) => {
+				console.error('Error with process: ', err)
+				reject(err)
+			})
+		})
+	})
+})
+
+serve({
+	fetch: app.fetch,
+	port: 8080,
+})

apps/sandbox-container/container/tsconfig.json

@@ -0,0 +1,16 @@
+{
+	"compilerOptions": {
+		"lib": ["es2023"],
+		"module": "ES2022",
+		"target": "es2022",
+		"types": ["@types/node"],
+		"strict": true,
+		"esModuleInterop": true,
+		"skipLibCheck": true,
+		"moduleResolution": "bundler",
+		"noEmit": true,
+		"allowImportingTsExtensions": true
+	},
+	"include": ["**/*.ts"],
+	"exclude": []
+}