# Docker Compose configuration for code-executor-mcp
#
# SECURITY: This configuration implements defense-in-depth security:
# - Resource limits (memory, CPU, PIDs)
# - Isolated network
# - Read-only root filesystem
# - No capabilities
# - Seccomp profile
# - AppArmor profile
# - Ulimits
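# NOTE: Compose V2 treats the top-level `version` key as obsolete and ignores it.
version: '3.8'

services:
  code-executor:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: code-executor-mcp

    # SECURITY: Resource limits
    # NOTE(review): legacy docker-compose v1 ignores `deploy` outside swarm mode
    # unless run with --compatibility. Confirm on the running container that
    # the memory, CPU and PID limits are actually applied.
    deploy:
      resources:
        limits:
          cpus: '1.0'  # Max 1 CPU core
          memory: 512M  # Max 512MB RAM (accounts for Deno 128MB + overhead)
          pids: 50  # Max 50 processes (prevents fork bombs)
        reservations:
          cpus: '0.25'  # Reserve 0.25 cores
          memory: 128M  # Reserve 128MB

    # SECURITY: Ulimits
    # nproc is counted by the kernel per user ID, not per container, so it is
    # shared with any other process running under the same UID. The pids limit
    # above is the per-container bound against fork bombs.
    ulimits:
      nproc: 50  # Max processes
      nofile:
        soft: 1024  # Soft file descriptor limit
        hard: 2048  # Hard file descriptor limit
      cpu: 60  # CPU time limit (60 seconds)

    # SECURITY: Read-only root filesystem
    read_only: true

    # Writable tmp directory (required for code execution)
    # The audit log is deliberately NOT on tmpfs: a tmpfs mount point is a
    # directory (so /app/audit.log could not be opened as a file), and tmpfs
    # contents are lost when the container stops. The log goes to the
    # persistent ./logs bind mount instead (see AUDIT_LOG_PATH below).
    tmpfs:
      - /tmp:mode=1777,size=100M,noexec,uid=1001,gid=1001  # 100MB temp space owned by codeexec

    # SECURITY: Drop all capabilities
    cap_drop:
      - ALL

    # SECURITY: No new privileges, custom seccomp and AppArmor profiles
    # The seccomp file must exist at this path when the container is created,
    # and the AppArmor profile must already be loaded on the host.
    security_opt:
      - no-new-privileges:true
      - seccomp=./seccomp-profile.json  # Custom seccomp profile
      - apparmor=code-executor-mcp  # AppArmor profile

    # SECURITY: Dedicated network (egress filtering is configured separately)
    networks:
      - code-executor-network

    # Environment variables
    environment:
      - NODE_ENV=production
      - ENABLE_AUDIT_LOG=true
      # Points into the ./logs bind mount so the audit trail survives restarts.
      - AUDIT_LOG_PATH=/app/logs/audit.log
      - ALLOWED_PROJECTS=/app/projects
      - MCP_CONFIG_PATH=/app/.mcp.json

    # Volume mounts
    volumes:
      # Mount MCP configuration (read-only)
      - ./config/.mcp.json:/app/.mcp.json:ro
      # Mount allowed project directories (read-only by default)
      - ./projects:/app/projects:ro
      # Audit log (persistent). The host ./logs directory must be writable by
      # the container user. NOTE(review): executed code runs in the container
      # that writes this log; forward or copy the log off-host if it must be
      # tamper-evident.
      - ./logs:/app/logs:rw

    # Restart policy
    restart: unless-stopped

    # Logging configuration (bounded so container output cannot fill the disk)
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"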
# SECURITY: Dedicated bridge network for the code executor.
# This definition does not filter egress by itself: containers on a
# user-defined bridge can still reach external addresses unless the host
# firewall restricts them.
networks:
  code-executor-network:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: 'code-exec-br0'
    ipam:
      config:
        - subnet: '172.28.0.0/16'
    # Note: Add egress filtering via iptables or Docker network policies
    # to block access to private IPs and cloud metadata endpoints.
    # If the executor needs no outbound access at all, `internal: true`
    # on this network removes external connectivity entirely.