docker-mcp-server

The server's core functionality involves executing arbitrary shell commands and file operations via the `execute_command` and `file_*` tools. While this is the intended purpose, it inherently carries risk if the server is exposed to untrusted clients or if the container environment is not adequately secured. The project mitigates this by: 1) Running entirely within a Docker container, providing isolation from the host system; 2) Enforcing bearer token authentication for all HTTP requests; 3) Scoping all file and command operations to a dedicated `/app/workspace` mounted volume; 4) Using base64 encoding for `file_edit` content to prevent direct shell injection; and 5) Offering an `ALLOWED_TOOLS` environment variable for restricting available native tools. However, the default CORS policy is wide open (`*`), which might be risky in production deployments without further restriction. The `execute_command` tool is extremely powerful, allowing any shell command to be run within the container, which, if compromised, could lead to container escape or abuse of container resources.