bun-runner-mcp
Verified Safeby timoconnellaus
Overview
Execute TypeScript/JavaScript code in a sandboxed Bun environment with permission-based security controls, supporting code snippets and web-based management.
Installation
bun run ./src/mcp/server.tsEnvironment Variables
- EXECUTION_MODE
- BUN_RUNNER_DATA_DIR
- BUN_RUNNER_HTTP_PORT
- BUN_*
Security Notes
The server employs robust sandboxing, offering two main modes: preload and container. Preload mode uses Bun's `--preload` to intercept dangerous APIs (like `fetch`, `Bun.write`, `Bun.spawn`, `process.env` access) and routes them through a permission-checking proxy. Container mode (recommended for untrusted code) leverages Apple Containers (macOS 26+) for VM-level isolation, resource limits (CPU, memory), and package management. The accompanying Docker configuration (`docker-compose.yml`, `seccomp-profile.json`) further demonstrates a high level of security consciousness, implementing read-only filesystems, dropped capabilities, and syscall filtering. Hardcoded secrets are not apparent; environment variables are loaded securely from files or prefixed process environment variables.
Similar Servers
fastmcp
A TypeScript framework for building Model Context Protocol (MCP) servers, providing high-level abstractions and boilerplate handling for features like tools, prompts, resources, sessions, authentication, and HTTP streaming.
hyper-mcp
A fast, secure Model Context Protocol (MCP) server that extends its capabilities through WebAssembly plugins, enabling AI agents to access tools, resources, and prompts.
mcp-server-code-execution-mode
This server enables LLM agents to execute Python code in a highly secure, isolated container environment, facilitating complex multi-tool orchestration and data analysis with minimal LLM context token usage.
mcp-server-typescript
Provides a Model Context Protocol (MCP) server to enable AI assistants to access DataForSEO's SEO data APIs through a standardized interface.