bun-runner-mcp

bun-runner-mcp

An MCP server that executes TypeScript/JavaScript code in a sandboxed Bun environment with permission-based security controls, code snippets, and a web management UI.

Category
访问服务器

README

bun-runner-mcp

An MCP (Model Context Protocol) server that executes TypeScript/JavaScript code in a sandboxed Bun environment with permission-based security controls.

Features

  • Sandboxed Execution: Run TypeScript/JavaScript code in an isolated environment
  • Permission System: Fine-grained control over HTTP requests, file access, and environment variables
  • Code Snippets: Save and reuse code snippets across sessions with dependency resolution
  • Web Management UI: Browser-based interface for managing environment variables and viewing snippets
  • Two Execution Modes:
    • Preload (default): Uses Bun's preload feature for runtime sandboxing
    • Container: Uses Apple Containers for VM-level isolation (macOS 26+)
  • HTTP Proxy: All network requests are routed through a permission-checking proxy

Quick Start

Installation

git clone https://github.com/timoconnellaus/bun-runner-mcp.git
cd bun-runner-mcp
bun install

Claude Desktop Configuration

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

Standard Mode (Preload Sandbox):

{
  "mcpServers": {
    "bun-runner": {
      "command": "bun",
      "args": ["run", "/path/to/bun-runner-mcp/src/mcp/server.ts"]
    }
  }
}

Container Mode (Apple Containers - Recommended for untrusted code):

{
  "mcpServers": {
    "bun-runner": {
      "command": "bun",
      "args": ["run", "/path/to/bun-runner-mcp/src/mcp/server.ts"],
      "env": {
        "EXECUTION_MODE": "container"
      }
    }
  }
}

Note: Container mode requires macOS 26 (Tahoe) or later with Apple Containers installed.

Running Manually

# Standard mode
bun run start

# Container mode
EXECUTION_MODE=container bun run start

# Development with watch
bun run dev

MCP Tools

run_code

Execute TypeScript/JavaScript code in the sandbox.

{
  "code": "console.log('Hello, world!')",
  "timeout": 30000
}

grant_permission

Grant a permission for the current session.

HTTP Permission:

{
  "permission": {
    "type": "http",
    "host": "api.example.com",
    "description": "Access example API"
  }
}

File Permission:

{
  "permission": {
    "type": "file",
    "path": "/tmp/data/*",
    "operations": ["read", "write"],
    "description": "Access temp files"
  }
}

Environment Variable Permission:

{
  "permission": {
    "type": "env",
    "variables": ["API_KEY", "SECRET_*"],
    "description": "Access API keys"
  }
}

list_permissions

List all currently granted permissions.

revoke_permission

Revoke a previously granted permission.

save_snippet

Save a reusable code snippet. Snippets must include a JSDoc @description tag.

{
  "name": "fetch-json",
  "code": "/** @description Fetches JSON from a URL */\nexport async function fetchJson(url: string) {\n  const res = await fetch(url);\n  return res.json();\n}"
}

list_snippets

List all saved snippets with their names and descriptions.

get_snippet

Get the full code and metadata for a saved snippet.

delete_snippet

Delete a saved snippet.

list_env_vars

List available environment variable names (values are hidden for security).

get_web_ui_url

Get the URL for the web management interface. The AI can use this to direct users to the browser UI.

Code Snippets

Snippets are reusable code blocks that persist across sessions. They're stored in ~/.bun-runner-mcp/snippets/.

Using Snippets in Code

Reference snippets in your code using the @use-snippet directive:

// @use-snippet: fetch-json
// @use-snippet: format-date

const data = await fetchJson('https://api.example.com/data');
console.log(formatDate(data.timestamp));

The snippet code is automatically inlined before execution. Snippets can depend on other snippets, and circular dependencies are detected.

Snippet Requirements

  • Must include a JSDoc comment with @description tag
  • Name must be alphanumeric with hyphens/underscores
  • Should export functions for reuse

Environment Variables

Environment variables can be configured for use in executed code:

Configuration Sources

  1. MCP Config: Pass variables with BUN_ prefix in your MCP config:

    {
      "env": {
        "BUN_API_KEY": "your-api-key",
        "BUN_DEBUG": "true"
      }
    }
    

    The BUN_ prefix is stripped when accessed in code (e.g., process.env.API_KEY).

  2. Env File: Create ~/.bun-runner-mcp/.bun-runner-env:

    API_KEY=your-api-key
    DATABASE_URL=postgres://localhost/db
    

File variables take precedence over MCP config variables.

Hot Reload

The env file is watched for changes. When modified, variables are automatically reloaded (and containers restarted if in container mode).

Web Management UI

A browser-based interface is available at http://localhost:9999 for:

  • Environment Variables: Add, edit, and delete environment variables
  • Code Snippets: View saved snippets and their code

The web UI is built automatically when the server starts using Bun's native bundler.

Execution Modes

Preload Mode (Default)

Uses Bun's preload feature to intercept and sandbox network requests. All HTTP requests are routed through a local proxy server (port 9999) that enforces permissions.

Container Mode (Apple Containers)

For stronger isolation, use Apple Containers which provides VM-level isolation. This is the recommended mode for untrusted code execution.

Requirements

  • macOS 26 (Tahoe) or later
  • Apple Containers CLI (container command) installed
  • Internet connection for initial image pull

How It Works

  1. Lazy Initialization: The container is created on first code execution, not at startup
  2. Session Persistence: The same container is reused for all executions within a session
  3. Auto-Cleanup: Container is automatically stopped when the MCP server exits
  4. Image Management: Uses oven/bun:alpine from Docker Hub, automatically pulled on first use

Container Specifications

Resource Limit
CPUs 2
Memory 512 MB
Base Image oven/bun:alpine
Timeout 30 seconds (default)

Features

  • VM-Level Isolation: Code runs in a fully isolated virtual machine
  • Isolated Filesystem: No access to host filesystem
  • Network Isolation: Network access is controlled by the container runtime
  • Package Support: npm packages are automatically installed via Bun
  • TypeScript Support: Full TypeScript execution with type checking via tsserver

Verifying Container CLI

Check if Apple Containers is available:

container --version

List available images:

container image list

Troubleshooting

Container CLI not found:

  • Ensure you're running macOS 26 (Tahoe) or later
  • The container CLI should be available at /usr/bin/container

Image pull fails:

  • Check your internet connection
  • Verify Docker Hub is accessible
  • Try manually: container image pull docker.io/oven/bun:alpine

Container won't start:

  • Check system resources (memory, disk space)
  • Look for error messages in stderr output
  • Ensure no conflicting containers are running

Architecture

┌─────────────────┐     ┌──────────────────┐
│   MCP Client    │────▶│   MCP Server     │
│  (Claude, etc)  │     │  (stdio transport)│
└─────────────────┘     └────────┬─────────┘
                                 │
                    ┌────────────┴────────────┐
                    │                         │
              ┌─────▼─────┐           ┌───────▼───────┐
              │  Preload  │           │   Container   │
              │  Sandbox  │           │    (Apple)    │
              └─────┬─────┘           └───────────────┘
                    │
              ┌─────▼─────┐
              │HTTP Proxy │
              │ (port 9999)│
              └───────────┘

License

MIT

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
mcp-server-qdrant

mcp-server-qdrant

这个仓库展示了如何为向量搜索引擎 Qdrant 创建一个 MCP (Managed Control Plane) 服务器的示例。

官方
精选
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选