
ipybox
Runs Python code in sandboxed Docker containers with persistent IPython sessions. Includes file transfer capabilities and network security controls for safe AI agent code execution.
Provides secure Python code execution in Docker containers with stateful IPython kernels, real-time output streaming, file operations, and network firewall controls for safe AI agent code execution environments.
What it does
- Execute Python code in isolated Docker containers
- Maintain stateful IPython kernels across executions
- Upload files from host to container
- Download files from container to host
- Reset kernel to clean state
- Stream real-time code execution output
About ipybox
ipybox is a community-built MCP server published by gradion-ai that provides AI assistants with tools and capabilities via the Model Context Protocol. ipybox enables secure Python code execution with stateful IPython kernels, real-time output, file operations, and robust It is categorized under analytics data, developer tools. This server exposes 4 tools that AI clients can invoke during conversations and coding sessions.
How to install
You can install ipybox in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.
License
ipybox is released under the Apache-2.0 license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.
Tools (4)
- Execute Python code in a stateful IPython kernel within a Docker container. The kernel maintains state across executions - variables, imports, and definitions persist between calls. Each execution builds on the previous one, allowing you to build complex workflows step by step. Use '!pip install package_name' to install packages as needed. The kernel has an active asyncio event loop, so use 'await' directly for async code. DO NOT use asyncio.run() or create new event loops. Executions are sequential (not concurrent) as they share kernel state. Use the reset() tool to clear the kernel state and start fresh. Returns: str: Output text from execution, or empty string if no output.
- Upload a file from the host filesystem to the container's /app directory. Makes a file from the host available inside the container for code execution. The uploaded file can then be accessed in execute_ipython_cell using the path '/app/{relpath}'.
- Download a file from the container's /app directory to the host filesystem. Retrieves files created or modified during code execution from the container. The file at '/app/{relpath}' in the container will be saved to the specified location on the host. Parent directories are created automatically if they don't exist.
- Reset the IPython kernel to a clean state. Creates a new kernel instance, clearing all variables, imports, and definitions from memory. Installed packages and files in the container filesystem are preserved. Useful for starting fresh experiments or clearing memory after processing large datasets.
ipybox
mcp-name: io.github.gradion-ai/ipybox
ipybox is a Python code execution sandbox with first-class support for programmatic MCP tool calling. It generates typed Python tool APIs from MCP server tool schemas, supporting both local stdio and remote HTTP servers.
Code that calls the generated API executes in a sandboxed IPython kernel. The API delegates MCP tool execution to a separate environment that enforces tool call approval, requiring applications to accept or reject each tool call.
[!NOTE] Next generation ipybox
This is the next generation of ipybox, a complete rewrite. Older versions are maintained on the 0.6.x branch and can be obtained with `pip install "ipybox<0.7"`.
Capabilities
| Capability | Description |
|---|---|
| Stateful code execution | State persists across executions in IPython kernels |
| Lightweight sandboxing | Kernel isolation via Anthropic's sandbox-runtime |
| Programmatic MCP tool calling | MCP tools called via Python code, not JSON directly |
| MCP tool call approval | Every MCP tool call requires application-level approval |
| Python tool API generation | Functions and models generated from MCP tool schemas |
| Any MCP server | Supports stdio, Streamable HTTP, and SSE transports |
| Any Python package | Install and use any Python package in IPython kernels |
| Local code execution | No cloud dependencies, everything runs on your machine |
Usage
| Component | Description |
|---|---|
| Python SDK | Python API for building applications on ipybox |
| MCP server | ipybox as MCP server for code actions and programmatic tool calling |
| Claude Code plugin | Plugin that bundles the ipybox MCP server and a code action skill |
Agent integration
ipybox is designed for agents that act by executing Python code rather than issuing JSON tool calls. This code action approach enables tool composition and intermediate result processing in a single inference pass, keeping intermediate results out of the agent's context window.
Code actions are also key for agents to improve themselves and their tool libraries by capturing successful experience as executable knowledge. Agent-generated code cannot be trusted and requires sandboxed execution with application-level approval for every MCP tool call.
[!TIP] freeact
A code action agent built on ipybox is freeact. In addition to inheriting the capabilities of ipybox, it supports progressive loading of tools and agent skills, and can save successful code actions as tools, evolving its own tool library over time.