PyPI - mcp-python-exec-sandbox - Versions diffs - 0.1.2__tar.gz → 0.1.4__tar.gz - Mend

mcp-python-exec-sandbox 0.1.2tar.gz → 0.1.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

mcp_python_exec_sandbox-0.1.4/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,61 @@
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          python-version: "3.13"
+      - run: uv sync --dev
+      - run: uv run ruff check .
+      - run: uv run ruff format --check .
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          python-version: "3.13"
+      - run: uv sync --dev
+      - run: uv run pytest tests/ -v
+  e2e-native:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          python-version: "3.13"
+      - run: sudo apt-get update && sudo apt-get install -y bubblewrap
+      - run: uv sync --dev
+      - run: uv run pytest e2e_tests/test_sandbox_enforcement.py -v
+  e2e-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          python-version: "3.13"
+      - run: docker build -t mcp-python-exec-sandbox profiles/
+      - run: uv sync --dev
+      - run: uv run pytest e2e_tests/test_docker_sandbox.py -v
+  e2e-multi-version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          python-version: "3.13"
+      - run: uv sync --dev
+      - run: uv run pytest e2e_tests/test_multi_version.py -v

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/CLAUDE.md RENAMED Viewed

@@ -18,11 +18,12 @@ src/mcp_python_exec_sandbox/   # Package source
   executor.py             # uv subprocess orchestration
   script.py               # PEP 723 metadata parsing/merging
   sandbox.py              # Sandbox ABC + factory
-  sandbox_{linux,macos,docker}.py
+  sandbox_linux.py        # bubblewrap sandbox (Linux)
+  sandbox_docker.py       # Docker sandbox (macOS/any)
   config.py, cache.py, output.py, errors.py
 tests/                    # Unit + integration tests (mocked or local uv)
 e2e_tests/                # End-to-end tests (require uv + network)
-profiles/                 # Dockerfile, macOS seatbelt profile, warmup packages
+profiles/                 # Dockerfile, warmup packages
 ```
 ## Commands
@@ -40,7 +41,7 @@ uv run pytest e2e_tests/ -v  # E2E tests (slow, needs network)
 - Lint with `uv run ruff check .` and format with `uv run ruff format --check .` before committing. Fix issues with `--fix` / `ruff format .`.
 - Tool docstrings in `server.py` are user-facing — they become the MCP tool descriptions that agents see. Write them for an LLM audience: include examples, avoid unexplained jargon, link PEPs.
 - Always pin versions in examples (e.g. `"pandas>=2.2"` not `"pandas"`).
-- Sandbox backends must degrade gracefully: if the tool (bwrap, sandbox-exec, docker) is missing, fall back to `NoopSandbox` with a warning.
+- Sandbox backends must degrade gracefully: if the tool (bwrap, docker) is missing, fall back to `NoopSandbox` with a warning. Native sandbox is Linux-only (bwrap); macOS defaults to Docker.
 ## Contribution format

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcp-python-exec-sandbox
-Version: 0.1.2
+Version: 0.1.4
 Summary: MCP server for secure Python script execution with automatic dependency management
 Project-URL: Homepage, https://github.com/lu-zhengda/mcp-python-exec-sandbox
 Project-URL: Repository, https://github.com/lu-zhengda/mcp-python-exec-sandbox
@@ -29,7 +29,7 @@ Sandboxed Python execution for AI agents. Scripts run in ephemeral, isolated env
 Every coding agent can already run Python on your host. The problem is what happens next: packages accumulate, venvs sprawl, and a rogue `pip install` breaks your system. **mcp-python-exec-sandbox** eliminates this:
-- Scripts execute in a sandbox (bubblewrap on Linux, sandbox-exec on macOS, Docker everywhere)
+- Scripts execute in a sandbox (bubblewrap on Linux, Docker on macOS/other platforms)
 - Dependencies are declared inline and resolved ephemerally via `uv`
 - Nothing touches your host's Python, site-packages, or virtualenvs
 - Each execution is isolated and disposable
@@ -56,25 +56,24 @@ Additional requirements depend on your chosen sandbox backend:
 | Setup | Additional requirements | Install |
 |-------|------------------------|---------|
 | **Native sandbox (Linux)** | [bubblewrap](https://github.com/containers/bubblewrap) | `sudo apt install bubblewrap` |
-| **Native sandbox (macOS)** | None -- `sandbox-exec` is built into macOS | -- |
-| **Docker sandbox** | [Docker Engine](https://docs.docker.com/engine/install/) | See Docker docs |
+| **Docker sandbox (macOS, any)** | [Docker Engine](https://docs.docker.com/engine/install/) | See Docker docs |
 | **No sandbox** | None | -- |
 > **Host Python vs. execution Python:** These are independent. Python 3.13+ is needed to run the server process itself. The `--python-version` flag controls which Python version your *scripts* execute on -- uv downloads the target version automatically. You do not need to install Python 3.14 or 3.15 on your host to run scripts on those versions.
 ## Quick start
-### Claude Code (native sandbox -- recommended)
+### Claude Code (Linux -- native sandbox)
 ```bash
-claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend native
+claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox
 ```
-### Claude Code (Docker sandbox)
+### Claude Code (macOS -- Docker sandbox, recommended)
 ```bash
 docker build -t mcp-python-exec-sandbox profiles/
-claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend docker
+claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox
 ```
 > The Docker image build requires the repo source. Clone it first: `git clone https://github.com/lu-zhengda/mcp-python-exec-sandbox.git`
@@ -85,14 +84,45 @@ claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend d
 claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend none
 ```
-### Manual JSON config
+### Cursor
+Add to `.cursor/mcp.json` (project-level) or `~/.cursor/mcp.json` (global):
+```json
+{
+  "mcpServers": {
+    "python-sandbox": {
+      "command": "uvx",
+      "args": ["mcp-python-exec-sandbox"]
+    }
+  }
+}
+```
+### OpenAI Codex CLI
+```bash
+codex mcp add python-sandbox -- uvx mcp-python-exec-sandbox
+```
+Or add to `.codex/config.toml`:
+```toml
+[mcp_servers.python-sandbox]
+command = "uvx"
+args = ["mcp-python-exec-sandbox"]
+```
+### Other MCP clients
+Any client that supports the MCP stdio transport can use this server:
 ```json
 {
   "mcpServers": {
     "python-sandbox": {
       "command": "uvx",
-      "args": ["mcp-python-exec-sandbox", "--sandbox-backend", "native"]
+      "args": ["mcp-python-exec-sandbox"]
     }
   }
 }
@@ -166,11 +196,10 @@ Validates a script's PEP 723 metadata and dependencies without executing it.
 | Backend | Platform | Tool | Notes |
 |---------|----------|------|-------|
 | `native` | Linux | bubblewrap | Namespace isolation, network allowed |
-| `native` | macOS | sandbox-exec | Seatbelt profiles, network allowed |
 | `docker` | Any | Docker | Container isolation, resource limits |
 | `none` | Any | -- | No sandboxing (not recommended) |
-If the requested sandbox tool is unavailable, the server falls back to `none` with a warning.
+The default backend is `native` (bubblewrap) on Linux and `docker` on macOS/other platforms. Specifying `--sandbox-backend native` on macOS automatically redirects to Docker. If the sandbox tool is unavailable, the server falls back to `none` with a warning.
 ### Docker sandbox setup
@@ -185,7 +214,7 @@ mcp-python-exec-sandbox [OPTIONS]
 Options:
   --python-version TEXT     Python version for execution (default: 3.13)
-  --sandbox-backend TEXT    native | docker | none (default: native)
+  --sandbox-backend TEXT    native | docker | none (default: native on Linux, docker on macOS)
   --max-timeout INT         Maximum allowed timeout in seconds (default: 300)
   --default-timeout INT     Default timeout in seconds (default: 30)
   --max-output-bytes INT    Maximum output size in bytes (default: 102400)
@@ -211,11 +240,12 @@ src/mcp_python_exec_sandbox/   # Package source
   executor.py             # uv subprocess orchestration
   script.py               # PEP 723 metadata parsing/merging
   sandbox.py              # Sandbox ABC + factory
-  sandbox_{linux,macos,docker}.py
+  sandbox_linux.py        # bubblewrap sandbox (Linux)
+  sandbox_docker.py       # Docker sandbox (macOS/any)
   config.py, cache.py, output.py, errors.py
 tests/                    # Unit + integration tests (mocked or local uv)
 e2e_tests/                # End-to-end tests (require uv + network)
-profiles/                 # Dockerfile, macOS seatbelt profile, warmup packages
+profiles/                 # Dockerfile, warmup packages
 .devcontainer/            # Devcontainer for Linux sandbox testing from macOS
 ```
@@ -300,7 +330,7 @@ devcontainer exec --workspace-folder . uv run pytest e2e_tests/test_sandbox_enfo
 - Add tests for new functionality: unit tests in `tests/`, E2E in `e2e_tests/` if it needs real execution.
 - Keep dependencies minimal. Do not add runtime deps without strong justification.
 - Tool docstrings in `server.py` are user-facing MCP tool descriptions. Write them for an LLM audience.
-- Sandbox backends must degrade gracefully: if the tool is missing, fall back to `NoopSandbox` with a warning.
+- Sandbox backends must degrade gracefully: if the required tool (bwrap, docker) is missing, fall back to `NoopSandbox` with a warning.
 ## License

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/README.md RENAMED Viewed

@@ -6,7 +6,7 @@ Sandboxed Python execution for AI agents. Scripts run in ephemeral, isolated env
 Every coding agent can already run Python on your host. The problem is what happens next: packages accumulate, venvs sprawl, and a rogue `pip install` breaks your system. **mcp-python-exec-sandbox** eliminates this:
-- Scripts execute in a sandbox (bubblewrap on Linux, sandbox-exec on macOS, Docker everywhere)
+- Scripts execute in a sandbox (bubblewrap on Linux, Docker on macOS/other platforms)
 - Dependencies are declared inline and resolved ephemerally via `uv`
 - Nothing touches your host's Python, site-packages, or virtualenvs
 - Each execution is isolated and disposable
@@ -33,25 +33,24 @@ Additional requirements depend on your chosen sandbox backend:
 | Setup | Additional requirements | Install |
 |-------|------------------------|---------|
 | **Native sandbox (Linux)** | [bubblewrap](https://github.com/containers/bubblewrap) | `sudo apt install bubblewrap` |
-| **Native sandbox (macOS)** | None -- `sandbox-exec` is built into macOS | -- |
-| **Docker sandbox** | [Docker Engine](https://docs.docker.com/engine/install/) | See Docker docs |
+| **Docker sandbox (macOS, any)** | [Docker Engine](https://docs.docker.com/engine/install/) | See Docker docs |
 | **No sandbox** | None | -- |
 > **Host Python vs. execution Python:** These are independent. Python 3.13+ is needed to run the server process itself. The `--python-version` flag controls which Python version your *scripts* execute on -- uv downloads the target version automatically. You do not need to install Python 3.14 or 3.15 on your host to run scripts on those versions.
 ## Quick start
-### Claude Code (native sandbox -- recommended)
+### Claude Code (Linux -- native sandbox)
 ```bash
-claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend native
+claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox
 ```
-### Claude Code (Docker sandbox)
+### Claude Code (macOS -- Docker sandbox, recommended)
 ```bash
 docker build -t mcp-python-exec-sandbox profiles/
-claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend docker
+claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox
 ```
 > The Docker image build requires the repo source. Clone it first: `git clone https://github.com/lu-zhengda/mcp-python-exec-sandbox.git`
@@ -62,14 +61,45 @@ claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend d
 claude mcp add python-sandbox -- uvx mcp-python-exec-sandbox --sandbox-backend none
 ```
-### Manual JSON config
+### Cursor
+Add to `.cursor/mcp.json` (project-level) or `~/.cursor/mcp.json` (global):
+```json
+{
+  "mcpServers": {
+    "python-sandbox": {
+      "command": "uvx",
+      "args": ["mcp-python-exec-sandbox"]
+    }
+  }
+}
+```
+### OpenAI Codex CLI
+```bash
+codex mcp add python-sandbox -- uvx mcp-python-exec-sandbox
+```
+Or add to `.codex/config.toml`:
+```toml
+[mcp_servers.python-sandbox]
+command = "uvx"
+args = ["mcp-python-exec-sandbox"]
+```
+### Other MCP clients
+Any client that supports the MCP stdio transport can use this server:
 ```json
 {
   "mcpServers": {
     "python-sandbox": {
       "command": "uvx",
-      "args": ["mcp-python-exec-sandbox", "--sandbox-backend", "native"]
+      "args": ["mcp-python-exec-sandbox"]
     }
   }
 }
@@ -143,11 +173,10 @@ Validates a script's PEP 723 metadata and dependencies without executing it.
 | Backend | Platform | Tool | Notes |
 |---------|----------|------|-------|
 | `native` | Linux | bubblewrap | Namespace isolation, network allowed |
-| `native` | macOS | sandbox-exec | Seatbelt profiles, network allowed |
 | `docker` | Any | Docker | Container isolation, resource limits |
 | `none` | Any | -- | No sandboxing (not recommended) |
-If the requested sandbox tool is unavailable, the server falls back to `none` with a warning.
+The default backend is `native` (bubblewrap) on Linux and `docker` on macOS/other platforms. Specifying `--sandbox-backend native` on macOS automatically redirects to Docker. If the sandbox tool is unavailable, the server falls back to `none` with a warning.
 ### Docker sandbox setup
@@ -162,7 +191,7 @@ mcp-python-exec-sandbox [OPTIONS]
 Options:
   --python-version TEXT     Python version for execution (default: 3.13)
-  --sandbox-backend TEXT    native | docker | none (default: native)
+  --sandbox-backend TEXT    native | docker | none (default: native on Linux, docker on macOS)
   --max-timeout INT         Maximum allowed timeout in seconds (default: 300)
   --default-timeout INT     Default timeout in seconds (default: 30)
   --max-output-bytes INT    Maximum output size in bytes (default: 102400)
@@ -188,11 +217,12 @@ src/mcp_python_exec_sandbox/   # Package source
   executor.py             # uv subprocess orchestration
   script.py               # PEP 723 metadata parsing/merging
   sandbox.py              # Sandbox ABC + factory
-  sandbox_{linux,macos,docker}.py
+  sandbox_linux.py        # bubblewrap sandbox (Linux)
+  sandbox_docker.py       # Docker sandbox (macOS/any)
   config.py, cache.py, output.py, errors.py
 tests/                    # Unit + integration tests (mocked or local uv)
 e2e_tests/                # End-to-end tests (require uv + network)
-profiles/                 # Dockerfile, macOS seatbelt profile, warmup packages
+profiles/                 # Dockerfile, warmup packages
 .devcontainer/            # Devcontainer for Linux sandbox testing from macOS
 ```
@@ -277,7 +307,7 @@ devcontainer exec --workspace-folder . uv run pytest e2e_tests/test_sandbox_enfo
 - Add tests for new functionality: unit tests in `tests/`, E2E in `e2e_tests/` if it needs real execution.
 - Keep dependencies minimal. Do not add runtime deps without strong justification.
 - Tool docstrings in `server.py` are user-facing MCP tool descriptions. Write them for an LLM audience.
-- Sandbox backends must degrade gracefully: if the tool is missing, fall back to `NoopSandbox` with a warning.
+- Sandbox backends must degrade gracefully: if the required tool (bwrap, docker) is missing, fall back to `NoopSandbox` with a warning.
 ## License

mcp_python_exec_sandbox-0.1.4/e2e_tests/test_multi_version.py ADDED Viewed

@@ -0,0 +1,68 @@
+"""E2E tests for multi-version Python execution."""
+import shutil
+import tempfile
+from pathlib import Path
+import pytest
+from mcp_python_exec_sandbox.executor import execute
+pytestmark = pytest.mark.skipif(
+    shutil.which("uv") is None,
+    reason="uv not installed",
+)
+@pytest.mark.parametrize("python_version", ["3.13", "3.14"])
+@pytest.mark.asyncio
+async def test_version_matches(python_version: str):
+    """Test that the script runs on the requested Python version."""
+    script = """\
+import sys
+print(f"{sys.version_info.major}.{sys.version_info.minor}")
+"""
+    with tempfile.TemporaryDirectory(prefix="mcp-e2e-") as tmpdir:
+        script_path = Path(tmpdir) / "test.py"
+        script_path.write_text(script)
+        result = await execute(
+            script_path=script_path,
+            python_version=python_version,
+            timeout=60,
+            sandbox=None,
+            max_output_bytes=102400,
+        )
+    assert result.exit_code == 0, f"stderr: {result.stderr}"
+    assert result.stdout.strip() == python_version
+@pytest.mark.parametrize("python_version", ["3.13", "3.14"])
+@pytest.mark.asyncio
+async def test_dependency_install_across_versions(python_version: str):
+    """Test that PEP 723 dependencies work on each Python version."""
+    script = """\
+# /// script
+# dependencies = ["pydantic>=2.0"]
+# ///
+import pydantic
+print(f"pydantic {pydantic.__version__}")
+"""
+    with tempfile.TemporaryDirectory(prefix="mcp-e2e-") as tmpdir:
+        script_path = Path(tmpdir) / "test.py"
+        script_path.write_text(script)
+        result = await execute(
+            script_path=script_path,
+            python_version=python_version,
+            timeout=120,
+            sandbox=None,
+            max_output_bytes=102400,
+        )
+    assert result.exit_code == 0, f"stderr: {result.stderr}"
+    assert "pydantic 2." in result.stdout

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/e2e_tests/test_sandbox_enforcement.py RENAMED Viewed

@@ -18,42 +18,6 @@ pytestmark = [
 ]
-@pytest.mark.skipif(sys.platform != "darwin", reason="macOS only")
-@pytest.mark.skipif(
-    shutil.which("sandbox-exec") is None,
-    reason="sandbox-exec not found",
-)
-@pytest.mark.asyncio
-async def test_macos_sandbox_blocks_home_read():
-    """Test that macOS sandbox blocks reading files outside allowed dirs."""
-    sandbox = get_sandbox("native")
-    script = """\
-import os
-try:
-    with open(os.path.expanduser("~/.ssh/id_rsa")) as f:
-        print(f.read())
-    print("ACCESS_GRANTED")
-except (PermissionError, FileNotFoundError, OSError) as e:
-    print(f"ACCESS_DENIED: {e}")
-"""
-    with tempfile.TemporaryDirectory(prefix="mcp-e2e-") as tmpdir:
-        script_path = Path(tmpdir) / "test.py"
-        script_path.write_text(script)
-        result = await execute(
-            script_path=script_path,
-            python_version="3.13",
-            timeout=30,
-            sandbox=sandbox,
-            max_output_bytes=102400,
-        )
-    # Should not have been able to read the file
-    assert "ACCESS_GRANTED" not in result.stdout
 @pytest.mark.skipif(sys.platform != "linux", reason="Linux only")
 @pytest.mark.skipif(
     shutil.which("bwrap") is None,

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "mcp-python-exec-sandbox"
-version = "0.1.2"
+version = "0.1.4"
 description = "MCP server for secure Python script execution with automatic dependency management"
 readme = "README.md"
 requires-python = ">=3.13"

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/src/mcp_python_exec_sandbox/__main__.py RENAMED Viewed

@@ -3,9 +3,16 @@
 from __future__ import annotations
 import argparse
+import sys
+def _default_sandbox_backend() -> str:
+    """Return the platform-appropriate default sandbox backend."""
+    return "native" if sys.platform == "linux" else "docker"
 def parse_args(argv: list[str] | None = None) -> argparse.Namespace:
+    default_backend = _default_sandbox_backend()
     parser = argparse.ArgumentParser(
         prog="mcp-python-exec-sandbox",
         description="MCP server for secure Python script execution",
@@ -18,8 +25,11 @@ def parse_args(argv: list[str] | None = None) -> argparse.Namespace:
     parser.add_argument(
         "--sandbox-backend",
         choices=["native", "docker", "none"],
-        default="native",
-        help="Sandbox backend: native (bwrap/sandbox-exec), docker, or none (default: native)",
+        default=default_backend,
+        help=(
+            "Sandbox backend: native (bwrap, Linux only), docker, or none "
+            f"(default: {default_backend})"
+        ),
     )
     parser.add_argument(
         "--max-timeout",

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/src/mcp_python_exec_sandbox/config.py RENAMED Viewed

@@ -10,7 +10,7 @@ class ServerConfig:
     """Configuration for the MCP Python executor server."""
     python_version: str = "3.13"
-    sandbox_backend: str = "native"  # "native" | "docker" | "none"
+    sandbox_backend: str = "native"  # "native" (Linux) | "docker" | "none"
     max_timeout: int = 300
     default_timeout: int = 30
     max_output_bytes: int = 102_400  # 100KB

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/src/mcp_python_exec_sandbox/executor.py RENAMED Viewed

@@ -4,11 +4,34 @@ from __future__ import annotations
 import asyncio
 import os
+import shutil
+import subprocess
 import time
 from pathlib import Path
 from mcp_python_exec_sandbox.output import ExecutionResult
+_uv_cache_dir: str | None = None
+def _get_uv_cache_dir() -> str | None:
+    """Discover uv's cache directory (cached after first call)."""
+    global _uv_cache_dir  # noqa: PLW0603
+    if _uv_cache_dir is not None:
+        return _uv_cache_dir
+    uv = shutil.which("uv")
+    if uv:
+        try:
+            result = subprocess.run(
+                [uv, "cache", "dir"], capture_output=True, text=True, timeout=5
+            )
+            if result.returncode == 0 and result.stdout.strip():
+                _uv_cache_dir = str(Path(result.stdout.strip()).resolve())
+                return _uv_cache_dir
+        except Exception:
+            pass
+    return None
 def _build_clean_env(uv_cache_dir: str | None = None) -> dict[str, str]:
     """Build a clean environment dict, stripping secrets from the parent env."""
@@ -48,12 +71,14 @@ async def execute(
     Returns:
         ExecutionResult with stdout, stderr, exit_code, duration, and timeout status.
     """
-    cmd = [uv_path, "run", "--script", "--python", python_version, str(script_path)]
+    # Resolve symlinks so paths match sandbox allow-lists (e.g. /var -> /private/var)
+    resolved_path = script_path.resolve()
+    cmd = [uv_path, "run", "--script", "--python", python_version, str(resolved_path)]
     if sandbox is not None:
-        cmd = sandbox.wrap(cmd, script_path)
+        cmd = sandbox.wrap(cmd, resolved_path)
-    env = _build_clean_env()
+    env = _build_clean_env(uv_cache_dir=_get_uv_cache_dir())
     start = time.monotonic()
     timed_out = False
@@ -63,6 +88,7 @@ async def execute(
             stdout=asyncio.subprocess.PIPE,
             stderr=asyncio.subprocess.PIPE,
             env=env,
+            cwd=resolved_path.parent,
         )
         stdout_bytes, stderr_bytes = await asyncio.wait_for(proc.communicate(), timeout=timeout)
     except TimeoutError:

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/src/mcp_python_exec_sandbox/sandbox.py RENAMED Viewed

@@ -47,6 +47,19 @@ class NoopSandbox(Sandbox):
         return "none (no sandboxing)"
+def _get_docker_sandbox() -> Sandbox:
+    """Create a Docker sandbox, falling back to NoopSandbox if unavailable."""
+    from mcp_python_exec_sandbox.sandbox_docker import DockerSandbox
+    sb = DockerSandbox()
+    if not sb.is_available():
+        import logging
+        logging.warning("Docker not available, falling back to no sandbox")
+        return NoopSandbox()
+    return sb
 def get_sandbox(backend: str) -> Sandbox:
     """Create a sandbox instance for the given backend.
@@ -61,35 +74,23 @@ def get_sandbox(backend: str) -> Sandbox:
             from mcp_python_exec_sandbox.sandbox_linux import BubblewrapSandbox
             sb = BubblewrapSandbox()
-        elif sys.platform == "darwin":
-            from mcp_python_exec_sandbox.sandbox_macos import SandboxExecSandbox
-            sb = SandboxExecSandbox()
-        else:
-            import logging
+            if not sb.is_available():
+                import logging
-            logging.warning(
-                "Native sandbox not supported on %s, falling back to no sandbox",
-                sys.platform,
-            )
-            return NoopSandbox()
+                logging.warning("bwrap not found, falling back to no sandbox")
+                return NoopSandbox()
+            return sb
-        if not sb.is_available():
-            import logging
+        # Native sandbox is only supported on Linux; use Docker on other platforms.
+        import logging
-            logging.warning("Native sandbox tool not found, falling back to no sandbox")
-            return NoopSandbox()
-        return sb
+        logging.info(
+            "Native sandbox is Linux-only; using Docker sandbox on %s.",
+            sys.platform,
+        )
+        return _get_docker_sandbox()
     if backend == "docker":
-        from mcp_python_exec_sandbox.sandbox_docker import DockerSandbox
-        sb = DockerSandbox()
-        if not sb.is_available():
-            import logging
-            logging.warning("Docker not available, falling back to no sandbox")
-            return NoopSandbox()
-        return sb
+        return _get_docker_sandbox()
     raise ValueError(f"Unknown sandbox backend: {backend!r}")

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/tests/test_config.py RENAMED Viewed

@@ -56,9 +56,12 @@ class TestServerConfig:
 class TestParseArgs:
     def test_defaults(self):
+        import sys
         args = parse_args([])
         assert args.python_version == "3.13"
-        assert args.sandbox_backend == "native"
+        expected_backend = "native" if sys.platform == "linux" else "docker"
+        assert args.sandbox_backend == expected_backend
         assert args.max_timeout == 300
         assert args.default_timeout == 30
         assert args.max_output_bytes == 102_400

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/tests/test_sandbox.py RENAMED Viewed

@@ -40,7 +40,17 @@ class TestGetSandbox:
             assert isinstance(sb, NoopSandbox)
     @patch("sys.platform", "darwin")
-    def test_native_macos_fallback_when_sandbox_exec_missing(self):
+    def test_native_macos_uses_docker(self):
+        """On macOS, 'native' redirects to Docker sandbox."""
+        from mcp_python_exec_sandbox.sandbox_docker import DockerSandbox
+        with patch("shutil.which", return_value="/usr/local/bin/docker"):
+            sb = get_sandbox("native")
+            assert isinstance(sb, DockerSandbox)
+    @patch("sys.platform", "darwin")
+    def test_native_macos_falls_back_when_docker_missing(self):
+        """On macOS, 'native' falls back to NoopSandbox if Docker is unavailable."""
         with patch("shutil.which", return_value=None):
             sb = get_sandbox("native")
             assert isinstance(sb, NoopSandbox)
@@ -68,29 +78,6 @@ class TestBubblewrapSandbox:
             assert wrapped[-6:] == cmd
-class TestSandboxExecSandbox:
-    @pytest.mark.skipif(sys.platform != "darwin", reason="macOS only")
-    def test_wrap_command(self):
-        from mcp_python_exec_sandbox.sandbox_macos import SandboxExecSandbox
-        with patch("shutil.which", return_value="/usr/bin/sandbox-exec"):
-            sb = SandboxExecSandbox()
-            cmd = ["uv", "run", "--script", "--python", "3.13", "/tmp/test.py"]
-            wrapped = sb.wrap(cmd, Path("/tmp/test.py"))
-            assert wrapped[0] == "/usr/bin/sandbox-exec"
-            assert "-p" in wrapped
-            # Original command should be at the end
-            assert wrapped[-6:] == cmd
-    @pytest.mark.skipif(sys.platform != "darwin", reason="macOS only")
-    def test_describe(self):
-        from mcp_python_exec_sandbox.sandbox_macos import SandboxExecSandbox
-        with patch("shutil.which", return_value="/usr/bin/sandbox-exec"):
-            sb = SandboxExecSandbox()
-            assert "sandbox-exec" in sb.describe()
 class TestDockerSandbox:
     def test_wrap_command(self):
         from mcp_python_exec_sandbox.sandbox_docker import DockerSandbox

{mcp_python_exec_sandbox-0.1.2 → mcp_python_exec_sandbox-0.1.4}/uv.lock RENAMED Viewed

@@ -639,7 +639,7 @@ wheels = [
 [[package]]
 name = "mcp-python-exec-sandbox"
-version = "0.1.2"
+version = "0.1.3"
 source = { editable = "." }
 dependencies = [
     { name = "fastmcp" },

mcp_python_exec_sandbox-0.1.2/.github/workflows/ci.yml DELETED Viewed

@@ -1,25 +0,0 @@
-name: CI
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@v4
-      - run: uv sync --dev
-      - run: uv run ruff check .
-      - run: uv run ruff format --check .
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@v4
-      - run: uv sync --dev
-      - run: uv run pytest tests/ -v

mcp_python_exec_sandbox-0.1.2/profiles/sandbox_macos.sb DELETED Viewed

@@ -1,39 +0,0 @@
-(version 1)
-(deny default)
-;; Allow reading system libraries and frameworks
-(allow file-read*
-    (subpath "/usr/lib")
-    (subpath "/usr/local")
-    (subpath "/System")
-    (subpath "/Library/Frameworks")
-    (subpath "/opt/homebrew")
-    (subpath "/private/tmp")
-    (subpath "/private/var/folders")
-    (subpath "/dev")
-    (subpath "{{CACHE_DIR}}")
-    (subpath "{{SCRIPT_DIR}}"))
-;; Allow writing to cache and script dir
-(allow file-write*
-    (subpath "{{CACHE_DIR}}")
-    (subpath "{{SCRIPT_DIR}}")
-    (subpath "/private/tmp")
-    (subpath "/private/var/folders"))
-;; Allow process operations
-(allow process-exec*)
-(allow process-fork)
-;; Allow network access (needed for package downloads and data-fetching scripts)
-(allow network*)
-;; Allow sysctl reads (needed by Python runtime)
-(allow sysctl-read)
-;; Allow mach lookups (needed for DNS resolution, etc.)
-(allow mach-lookup)
-;; Allow IPC operations (needed by some Python extensions)
-(allow ipc-posix-shm-read-data)
-(allow ipc-posix-shm-write-data)

mcp_python_exec_sandbox-0.1.2/src/mcp_python_exec_sandbox/sandbox_macos.py DELETED Viewed

@@ -1,92 +0,0 @@
-"""macOS sandbox-exec (Seatbelt) sandbox implementation."""
-from __future__ import annotations
-import shutil
-from pathlib import Path
-from mcp_python_exec_sandbox.sandbox import Sandbox
-_PROFILE_DIR = Path(__file__).parent.parent.parent / "profiles"
-class SandboxExecSandbox(Sandbox):
-    """macOS sandbox using sandbox-exec with Seatbelt profiles."""
-    def __init__(self) -> None:
-        self._sandbox_exec_path = shutil.which("sandbox-exec")
-        self._uv_cache_dir = Path.home() / "Library" / "Caches" / "uv"
-        self._profile_path = _PROFILE_DIR / "sandbox_macos.sb"
-    def is_available(self) -> bool:
-        return self._sandbox_exec_path is not None
-    def _build_profile(self, script_dir: str) -> str:
-        """Build a Seatbelt profile string with the given script directory."""
-        cache_dir = str(self._uv_cache_dir)
-        # If the profile file exists, read and substitute parameters
-        if self._profile_path.exists():
-            template = self._profile_path.read_text()
-            return template.replace("{{SCRIPT_DIR}}", script_dir).replace(
-                "{{CACHE_DIR}}", cache_dir
-            )
-        # Fallback inline profile
-        return f"""\
-(version 1)
-(deny default)
-;; Allow reading system libraries and frameworks
-(allow file-read*
-    (subpath "/usr/lib")
-    (subpath "/usr/local")
-    (subpath "/System")
-    (subpath "/Library/Frameworks")
-    (subpath "/opt/homebrew")
-    (subpath "/private/tmp")
-    (subpath "/private/var/folders")
-    (subpath "/dev")
-    (subpath "{cache_dir}")
-    (subpath "{script_dir}"))
-;; Allow writing to cache and script dir
-(allow file-write*
-    (subpath "{cache_dir}")
-    (subpath "{script_dir}")
-    (subpath "/private/tmp")
-    (subpath "/private/var/folders"))
-;; Allow process operations
-(allow process-exec*)
-(allow process-fork)
-;; Allow network access
-(allow network*)
-;; Allow sysctl reads (needed by Python)
-(allow sysctl-read)
-;; Allow mach lookups (needed for DNS, etc.)
-(allow mach-lookup)
-;; Allow ipc operations
-(allow ipc-posix-shm-read-data)
-(allow ipc-posix-shm-write-data)
-"""
-    def wrap(self, cmd: list[str], script_path: Path) -> list[str]:
-        script_dir = str(script_path.parent)
-        profile = self._build_profile(script_dir)
-        return [
-            self._sandbox_exec_path or "sandbox-exec",
-            "-p",
-            profile,
-            *cmd,
-        ]
-    def describe(self) -> str:
-        if self._sandbox_exec_path:
-            return f"sandbox-exec ({self._sandbox_exec_path})"
-        return "sandbox-exec (not found)"