linting

Author: cmsparks

apps/sandbox-container/CONTRIBUTING.md

@@ -0,0 +1,44 @@
+# Container MCP Server
+
+This is a simple MCP-based interface for a sandboxed development environment.
+
+## Local dev
+
+Cloudchamber local dev isn't implemented yet, so we are doing a bit of a hack to just run the server in your local environment. Because of this, testing the container(s) and container manager locally is not possible at this time.
+
+Do the following from within the sandbox-container app:
+
+1. Copy the `.dev.vars.example` file to a new `.dev.vars` file.
+2. Get the Cloudflare client id and secret from a team member and add them to the `.dev.vars` file.
+3. Run `pnpm i` then `pnpm dev` to start the MCP server.
+4. Run `pnpx @modelcontextprotocol/inspector` to start the MCP inspector client.
+5. Open the inspector client in your browser and connect to the server via `http://localhost:8976/sse`.
+
+Note: Temporary files created through files tool calls are stored in the workdir folder of this app.
+
+## Deploying
+
+1. Make sure the docker daemon is running
+
+2. Disable WARP and run
+
+```
+npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/14387504770/npm-package-wrangler-8740 deploy
+```
+
+3. Add to your Claude config. If using with Claude, you'll need to disable WARP:
+
+```
+{
+    "mcpServers": {
+        "container": {
+            "command": "npx",
+            "args": [
+                "mcp-remote",
+                // this is my deployed instance
+                "https://container-starter-2.cmsparks.workers.dev/sse"
+            ]
+        }
+    }
+}
+```

apps/sandbox-container/README.md

@@ -1,68 +1,49 @@
-# Container MCP Server
+# Cloudflare Container Sandbox MCP Server
 
-This is a simple MCP-based interface for a sandboxed development environment.
+This is a [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction) server that supports remote MCP connections, with Cloudflare OAuth built-in.
 
-## Local dev
+It integrates tools for running a sandbox container with your MCP client. With this server you can allow your LLM to run arbitrary code, such as Node or Python, in a secure, sandboxed environment.
 
-Cloudchamber local dev isn't implemented yet, so we are doing a bit of a hack to just run the server in your local environment. Because of this, testing the container(s) and container manager locally is not possible at this time.
+## Tools
 
-Do the following from within the sandbox-container app:
+| **Category**      | **Tool**                   | **Description**                                                               |
+| ----------------- | -------------------------- | ----------------------------------------------------------------------------- |
+| **Container Lifecycle**       | `container_initialize`            | (Re)start a container. Containers are intended to be ephemeral and don't save any state. Containers are only guaranteed to last ~10m.|
+|                   | `container_ping`      | Ping a container for connectivity                          |
+| **Filesystem** | `container_file_write`       | Write to a file                     |
+|                   | `container_files_list`      | List all files in the work directory                          |
+|                   | `container_file_read`      |  Read the contents of a single file or directory                              |
+|                   | `container_file_delete`         | Delete a single file or directory                     |
+| **Execution**       | `container_exec`             | Run a command in the shell |
 
-1. Copy the `.dev.vars.example` file to a new `.dev.vars` file.
-2. Get the Cloudflare client id and secret from a team member and add them to the `.dev.vars` file.
-3. Run `pnpm i` then `pnpm dev` to start the MCP server.
-4. Run `pnpx @modelcontextprotocol/inspector` to start the MCP inspector client.
-5. Open the inspector client in your browser and connect to the server via `http://localhost:8976/sse`.
+This MCP server is still a work in progress, and we plan to add more tools in the future.
 
-Note: Temporary files created through files tool calls are stored in the workdir folder of this app.
 
-## Deploying
+### Prompt Examples
 
-1. Make sure the docker daemon is running
+- `Create a visualization using matplotlib. Run it in the container that you can start`
+- `Clone and explore this github repo: [repo link]. Setup and run the tests in your development environment`
+- `Analyze this data using Python`
 
-2. Disable WARP and run
+## Access the remote MCP server from from any MCP Client
 
-```
-npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/14387504770/npm-package-wrangler-8740 deploy
-```
+If your MCP client has first class support for remote MCP servers, the client will provide a way to accept the server URL (`https://bindings.mcp.cloudflare.com`) directly within its interface (for example in [Cloudflare AI Playground](https://playground.ai.cloudflare.com/)).
 
-3. Add to your Claude config. If using with Claude, you'll need to disable WARP:
+If your client does not yet support remote MCP servers, you will need to set up its respective configuration file using [mcp-remote](https://www.npmjs.com/package/mcp-remote) to specify which servers your client can access.
 
-```
+Replace the content with the following configuration:
+
+```json
 {
-    "mcpServers": {
-        "container": {
-            "command": "npx",
-            "args": [
-                "mcp-remote",
-                // this is my deployed instance
-                "https://container-starter-2.cmsparks.workers.dev/sse"
-            ]
-        }
-    }
+	"mcpServers": {
+		"cloudflare": {
+			"command": "npx",
+			"args": ["mcp-remote", "https://containers.mcp.cloudflare.com/sse"]
+		}
+	}
 }
 ```
 
-## Tools
-
-- `container_initialize`: (Re)start a container. Containers are intended to be ephemeral and don't save any state. Containers are only guaranteed to last 10m (this is just because I have a max of like ~5 containers per account).
-- `container_ping`: Ping a container for connectivity
-- `container_exec`: Run a command in the shell
-- `container_file_write`: Write to a file
-- `container_files_list`: List all files in the work directory
-- `container_file_read`: Read the contents of a single file or directory
-- `container_file_delete`: Delete a single file or directory
-
-## Resources
-
-TODO
-
-Tried implementing these, but MCP clients don't support resources well at all.
-
-## Prompts
-
-TODO
-
-## Container support
+Once you've set up your configuration file, restart MCP client and a browser window will open showing your OAuth login page. Proceed through the authentication flow to grant the client access to your MCP server. After you grant access, the tools will become available for you to use.
 
-The container currently runs python and node. It's connected to the internet and LLMs can install whatever packages.
+Interested in contributing, and running this server locally? See [CONTRIBUTING.md](CONTRIBUTING.md) to get started.

apps/sandbox-container/container/index.ts

@@ -139,14 +139,14 @@ app.post('/exec', zValidator('json', ExecParams), (c) => {
 	const execParams = c.req.valid('json')
 	const proc = exec(execParams.args)
 	return streamText(c, async (stream) => {
-		return new Promise(async (resolve, reject) => {
+		return new Promise((resolve, reject) => {
 			if (proc.stdout) {
 				// Stream data from stdout
 				proc.stdout.on('data', async (data) => {
 					await stream.write(data.toString())
 				})
 			} else {
-				await stream.write('WARNING: no stdout stream for process')
+				void stream.write('WARNING: no stdout stream for process')
 			}
 
 			if (execParams.streamStderr) {
@@ -155,15 +155,15 @@ app.post('/exec', zValidator('json', ExecParams), (c) => {
 						await stream.write(data.toString())
 					})
 				} else {
-					await stream.write('WARNING: no stderr stream for process')
+					void stream.write('WARNING: no stderr stream for process')
 				}
 			}
 
 			// Handle process exit
 			proc.on('exit', async (code) => {
 				await stream.write(`Process exited with code: ${code}`)
 				if (code === 0) {
-					stream.close()
+					await stream.close()
 					resolve()
 				} else {
 					console.error(`Process exited with code ${code}`)

apps/sandbox-container/evals/exec.eval.ts

@@ -1,6 +1,5 @@
-import { assert, expect } from 'vitest'
+import { expect } from 'vitest'
 import { describeEval } from 'vitest-evals'
-import { z } from 'zod'
 
 import { checkFactuality } from '@repo/eval-tools/src/scorers'
 import { eachModel } from '@repo/eval-tools/src/test-models'

apps/sandbox-container/evals/utils.ts

@@ -1,9 +1,10 @@
 import { jsonSchemaToZod } from '@n8n/json-schema-to-zod'
 import { MCPClientManager } from 'agents/mcp/client'
-import { LanguageModelV1, streamText, StreamTextResult, tool, ToolCallPart, ToolSet } from 'ai'
+import { streamText, tool } from 'ai'
 import { z } from 'zod'
 
 import type { JsonSchemaObject } from '@n8n/json-schema-to-zod'
+import type { LanguageModelV1, StreamTextResult, ToolCallPart, ToolSet } from 'ai'
 
 export async function initializeClient(): Promise<MCPClientManager> {
 	const clientManager = new MCPClientManager('test-client', '0.0.0')
@@ -56,12 +57,14 @@ export async function runTask(
 		maxSteps: 10,
 	})
 
-	for await (const part of res.fullStream) {
+	// consume the stream
+	// eslint-disable-next-line no-empty
+	for await (const _ of res.fullStream) {
 	}
 
 	// convert into an LLM readable result so our factuality checker can validate tool calls
 	let messagesWithTools = ''
-	let toolCalls: ToolCallPart[] = []
+	const toolCalls: ToolCallPart[] = []
 	const messages = (await res.response).messages
 	for (const message of messages) {
 		console.log(message.content)

apps/sandbox-container/package.json

@@ -1,10 +1,11 @@
 {
-	"name": "containers-starter",
+	"name": "containers-mcp",
 	"version": "0.0.1",
 	"private": true,
 	"type": "module",
 	"scripts": {
 		"check:types": "run-tsc",
+		"check:lint": "run-eslint-workers",
 		"deploy": "wrangler deploy",
 		"dev": "concurrently \"tsx container/index.ts\" \"wrangler dev --var \"ENVIRONMENT:dev\"\"",
 		"build:container": "docker build --platform linux/amd64 --tag sandbox-container:$(git rev-parse --short HEAD) -f Dockerfile ../../ && wrangler containers push sandbox-container:$(git rev-parse --short HEAD)",

apps/sandbox-container/server/containerHelpers.ts

@@ -28,11 +28,11 @@ export async function startAndWaitForPort(
 
 				// force DO to keep track of running state
 				monitor = container.monitor()
-				monitor.then(() => console.log('Container exited'))
+				void monitor.then(() => console.log('Container exited'))
 			}
 
 			const conn = await port.connect(`10.0.0.1:${portToAwait}`)
-			conn.close()
+			await conn.close()
 			console.log('Connected')
 			return true
 		} catch (err: any) {

apps/sandbox-container/server/containerManager.ts

@@ -1,13 +1,17 @@
 import { DurableObject } from 'cloudflare:workers'
 
-import type { Env } from './context'
-import { ContainerEvent } from './metrics'
+import { getEnv } from '@repo/mcp-common/src/env'
 import { MetricsTracker } from '@repo/mcp-observability'
 
+import { ContainerEvent } from './metrics'
+
+import type { Env } from './context'
+
+const env = getEnv<Env>()
 export class ContainerManager extends DurableObject<Env> {
-	metrics = new MetricsTracker(this.env.MCP_METRICS, {
-		name: this.env.MCP_SERVER_NAME,
-		version: this.env.MCP_SERVER_VERSION
+	metrics = new MetricsTracker(env.MCP_METRICS, {
+		name: env.MCP_SERVER_NAME,
+		version: env.MCP_SERVER_VERSION,
 	})
 
 	constructor(
@@ -51,9 +55,11 @@ export class ContainerManager extends DurableObject<Env> {
 			activeIds.push(c)
 		}
 
-		this.metrics.logEvent(new ContainerEvent({
-			active: activeIds.length
-		}))
+		this.metrics.logEvent(
+			new ContainerEvent({
+				active: activeIds.length,
+			})
+		)
 
 		return activeIds
 	}

apps/sandbox-container/server/containerMcp.ts

@@ -9,7 +9,7 @@ import { stripProtocolFromFilePath } from './utils'
 import type { Env } from './context'
 import type { Props, UserContainer } from '.'
 
-export class ContainerMcpAgent extends McpAgent<Env, {}, Props> {
+export class ContainerMcpAgent extends McpAgent<Env, never, Props> {
 	_server: CloudflareMCPServer | undefined
 	set server(server: CloudflareMCPServer) {
 		this._server = server
@@ -57,7 +57,7 @@ export class ContainerMcpAgent extends McpAgent<Env, {}, Props> {
 				const userInBlocklist = await this.env.USER_BLOCKLIST.get(this.props.user.id)
 				if (userInBlocklist) {
 					return {
-						content: [{ type: 'text', text: "Blocked from intializing container." }],
+						content: [{ type: 'text', text: 'Blocked from intializing container.' }],
 					}
 				}
 				return {
@@ -66,16 +66,20 @@ export class ContainerMcpAgent extends McpAgent<Env, {}, Props> {
 			}
 		)
 
-		this.server.tool('container_ping', `Ping the container for liveliness. Use this tool to check if the container is running.`, {}, async ({}) => {
-			return {
-				content: [{ type: 'text', text: await this.userContainer.container_ping() }],
+		this.server.tool(
+			'container_ping',
+			`Ping the container for liveliness. Use this tool to check if the container is running.`,
+			async () => {
+				return {
+					content: [{ type: 'text', text: await this.userContainer.container_ping() }],
+				}
 			}
-		})
+		)
 		this.server.tool(
 			'container_exec',
 			`Run a command in a container and return the results from stdout. 
 			If necessary, set a timeout. To debug, stream back standard error. 
-			If you\'re using python, ALWAYS use python3 alongside pip3`,
+			If you're using python, ALWAYS use python3 alongside pip3`,
 			{ args: ExecParams },
 			async ({ args }) => {
 				return {
@@ -106,22 +110,26 @@ export class ContainerMcpAgent extends McpAgent<Env, {}, Props> {
 				}
 			}
 		)
-		this.server.tool('container_files_list', 'List working directory file tree. This just reads the contents of the current working directory', {}, async ({}) => {
-			// Begin workaround using container read rather than ls:
-			const readFile = await this.userContainer.container_file_read('.')
-			return {
-				content: [
-					{
-						type: 'resource',
-						resource: {
-							text: readFile.type === "text" ? readFile.textOutput : readFile.base64Output,
-							uri: `file://`,
-							mimeType: readFile.mimeType,
+		this.server.tool(
+			'container_files_list',
+			'List working directory file tree. This just reads the contents of the current working directory',
+			async () => {
+				// Begin workaround using container read rather than ls:
+				const readFile = await this.userContainer.container_file_read('.')
+				return {
+					content: [
+						{
+							type: 'resource',
+							resource: {
+								text: readFile.type === 'text' ? readFile.textOutput : readFile.base64Output,
+								uri: `file://`,
+								mimeType: readFile.mimeType,
+							},
 						},
-					},
-				],
+					],
+				}
 			}
-		})
+		)
 		this.server.tool(
 			'container_file_read',
 			'Read a specific file or directory. Use this tool if you would like to read files or display them to the user. This allow you to get a displayable image for the user if there is an image file.',
@@ -135,7 +143,7 @@ export class ContainerMcpAgent extends McpAgent<Env, {}, Props> {
 						{
 							type: 'resource',
 							resource: {
-								text: readFile.type === "text" ? readFile.textOutput : readFile.base64Output,
+								text: readFile.type === 'text' ? readFile.textOutput : readFile.base64Output,
 								uri: `file://${path}`,
 								mimeType: readFile.mimeType,
 							},

apps/sandbox-container/server/index.ts

@@ -12,11 +12,11 @@ import { MetricsTracker } from '@repo/mcp-observability'
 
 import { ContainerManager } from './containerManager'
 import { ContainerMcpAgent } from './containerMcp'
+import { UserContainer } from './userContainer'
 
 import type { McpAgent } from 'agents/mcp'
 import type { AuthProps } from '@repo/mcp-common/src/cloudflare-oauth-handler'
 import type { Env } from './context'
-import { UserContainer } from './userContainer'
 
 export { ContainerManager, ContainerMcpAgent, UserContainer }