init

Author: mkagenius

.gitignore

@@ -0,0 +1,43 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+myenv/
+env/
+venv/
+.venv/
+build/
+dist/
+*.egg-info/
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+nosedir/
+coverage.xml
+*.cover
+.hypothesis/
+
+# Environment variables
+.env
+
+# Editor directories and files
+.idea/
+.vscode/
+*.sublime-project
+*.sublime-workspace
+
+# MacOS
+.DS_Store
+
+# Windows
+Thumbs.db.env

Dockerfile.coderunner

@@ -0,0 +1,76 @@
+# Use the specified standard Python 3.13.3 base image (Debian-based)
+FROM python:3.13.3
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Set working directory
+WORKDIR /app
+
+# Install system dependencies INCLUDING systemd
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    systemd \
+    sudo \
+    curl \
+    iproute2 \
+    ffmpeg \
+    bash \
+    build-essential \
+    procps \
+    openssh-client \
+    openssh-server \
+    jq \
+    kmod \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+
+# Upgrade pip
+RUN python -m pip install --no-cache-dir --upgrade pip
+
+# Copy requirements file
+COPY ./requirements.txt /app/requirements.txt
+
+# Install Python dependencies
+RUN pip install --no-cache-dir -r requirements.txt
+
+
+# Install the bash kernel spec for Jupyter (not working with uv)
+RUN python -m bash_kernel.install
+
+# Copy the application code (main.py)
+COPY ./main.py /app/main.py
+
+# Copy the application code (main.py)
+COPY ./mcp_main.py /app/mcp_main.py
+
+# Create application/jupyter directories
+RUN mkdir -p /app/uploads /app/jupyter_runtime
+
+# # Generate SSH host keys
+# RUN ssh-keygen -A
+
+# Clean systemd machine-id
+RUN rm -f /etc/machine-id && touch /etc/machine-id
+
+# --- Set environment variables for the application ---
+ENV FASTMCP_HOST="0.0.0.0"
+ENV FASTMCP_PORT="8222"
+
+
+# Expose the FastAPI port
+EXPOSE 8222
+
+# Start the FastAPI application
+# CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8002", "--workers", "1", "--no-access-log"]
+
+
+# Copy the entrypoint script into the image
+COPY entrypoint.sh /entrypoint.sh
+
+# Make the entrypoint script executable
+RUN chmod +x /entrypoint.sh
+
+# Use the entrypoint script
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,75 @@
+![Demo](./demo.png)
+
+# ⚡ CodeRunner: A sandbox running on apple container for code execution
+
+CodeRunner provides a MCP server running inside a secure sandbox, powered by Apple's native [container](https://github.com/apple/container) technology, allowing you to safely execute code generated by local/remote AI models like Ollama.
+
+This guide is for **using** the pre-built CodeRunner sandbox.
+
+
+
+## 🚀 Quick Start
+
+### Prerequisites
+
+*   A Mac with Apple Silicon (M1/M2/M3/M4 series).
+*   **[Apple `container` Tool](https://github.com/apple/container)** installed via **[Download](https://github.com/apple/container/releases/download/0.1.0/container-0.1.0-installer-signed.pkg)**
+*   **Python 3.10+**
+
+### Step 1: Configure Local Network for Sandbox
+
+
+Run these commands once to set up the `.local` top-level domain:
+
+```bash
+sudo container system dns create local
+container system dns default set local
+```
+
+### Step 2: Run the Pre-Built Sandbox Container
+
+This single command will download the CodeRunner sandbox image from Docker Hub (if not already present) and run it.
+
+```bash
+# This will run the container named 'coderunner' and make it
+# available at http://coderunner.local:8222
+container run \
+  --name coderunner \
+  --detach --rm \
+  instavm/coderunner
+```
+
+
+### Step 3: Run an AI Task
+
+Finally, run the script from your terminal:
+
+```bash
+git clone https://github.com/instavm/coderunner.git
+cd coderunner
+```
+
+Now you can give it prompts like `write python code to generate 100 primes` and watch it execute the code safely in the sandbox!
+
+### Use with Ollama3.1 with MCPHOST
+
+Download `mcphost` from [releases](https://github.com/mark3labs/mcphost/releases/tag/v0.14.0)
+
+```bash
+cp cookbooks/.mcp.json ~/.mcp.json
+~/Downloads/mcphost_Darwin_arm64/mcphost  -m ollama:llama3.1:8b
+```
+
+### Can also run via python openai agents
+
+```bash
+python cookbooks/openai_testmcp.py
+```
+
+### Use via Curl
+
+```
+curl -X POST "http://coderunner.local:8222/execute/"  -H "Content-Type: application/json" -d '{"command": "print(100**100)"}'
+
+{"result":"100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n"}
+```

claude_mcp_proxy/claude_desktop_config.json

@@ -0,0 +1,18 @@
+{
+  "mcpServers": {
+      "jejus": {
+      "command": "/Users/manish/Work/venv/bin/python",
+      "args": [
+        "/Users/manish/Work/proxymcp.py"
+      ]
+    },
+    "filesystem2": {
+      "command": "/Users/manish/.nvm/versions/node/v23.9.0/bin/node",
+      "args": [
+        "/Users/manish/.nvm/versions/node/v23.9.0/lib/node_modules/@modelcontextprotocol/server-filesystem/dist/index.js",
+        "/Users/manish/Desktop/assets",
+        "/Users/manish/Downloads/chota"
+      ]
+    }
+  }
+}

claude_mcp_proxy/mcp.py

@@ -0,0 +1,19 @@
+
+from fastmcp import FastMCP
+import socket
+
+
+def resolve_with_system_dns(hostname):
+    try:
+        return socket.gethostbyname(hostname)
+    except socket.gaierror as e:
+        print(f"Error resolving {hostname}: {e}")
+        return None
+
+
+hostname = "coderunner.local"
+address = resolve_with_system_dns(hostname)
+proxy = FastMCP.as_proxy(f"http://{address}:8222/sse", name="SSE to Stdio Proxy")
+# Run the proxy with stdio transport for local access
+if __name__ == "__main__":
+    proxy.run()

claude_mcp_proxy/requirements.txt

@@ -0,0 +1 @@
+fastmcp

cookbooks/.mcp.json

@@ -0,0 +1,15 @@
+{
+  "system-prompt": "cookbooks/systemprompt.txt",
+  "mcpServers": {
+    "coderunner": {
+		"url": "http://coderunner.local:8222/sse"
+     },
+    "filesystem": {
+      "command": "mcp-filesystem-server",
+      "args": [
+        "/Users/manish/Desktop/assets",
+        "/Users/manish/Downloads/chota"
+      ]
+    }
+  }
+}

cookbooks/openai_testmcp.py

@@ -0,0 +1,85 @@
+import asyncio
+import os
+import shutil
+import subprocess
+import time
+import socket
+from typing import Any
+
+from agents import Agent, Runner, gen_trace_id, trace
+from agents.mcp import MCPServer, MCPServerSse
+from agents.model_settings import ModelSettings
+
+
+# async def run(mcp_server: MCPServer):
+#     agent = Agent(
+#         name="Assistant",
+#         instructions="Use the tools to answer the questions.",
+#         mcp_servers=[mcp_server],
+#         model_settings=ModelSettings(tool_choice="required"),
+#     )
+
+#     # Use the `add` tool to add two numbers
+#     message = "list files in current directory using python"
+#     print(f"Running: {message}")
+#     result = await Runner.run(starting_agent=agent, input=message)
+#     print(result.final_output)
+
+#     # Run the `get_weather` tool
+#     message = "Fetch ETH price on 15th June 2025. First pip install libraries needed like yfinance, then write the code and fetch data."
+#     print(f"\n\nRunning: {message}")
+#     result = await Runner.run(starting_agent=agent, input=message)
+#     print(result.final_output)
+
+#     # Run the `get_secret_word` tool
+#     message = "What's the secret word?"
+#     print(f"\n\nRunning: {message}")
+#     result = await Runner.run(starting_agent=agent, input=message)
+#     print(result.final_output)
+
+
+async def run(mcp_server: MCPServer):
+    agent = Agent(
+        name="Assistant",
+        instructions="Use the tools to answer the questions.",
+        mcp_servers=[mcp_server],
+        model_settings=ModelSettings(tool_choice="required"),
+    )
+
+    while True:
+        message = input("Enter your prompt (or 'exit' to quit): ")
+        if message.lower() == 'exit':
+            print("Exiting...")
+            break
+
+        print(f"Running: {message}")
+        result = await Runner.run(starting_agent=agent, input=message)
+        print(result.final_output)
+
+def resolve_with_system_dns(hostname):
+    try:
+        return socket.gethostbyname(hostname)
+    except socket.gaierror as e:
+        print(f"Error resolving {hostname}: {e}")
+        return None
+
+
+async def main():
+    hostname = "coderunner.local"
+    address = resolve_with_system_dns(hostname)
+    async with MCPServerSse(
+        name="SSE Python Server",
+        params={
+            "url": f"http://{address}:8222/sse",
+            "sse_read_timeout": 60,
+            "timeout": 60,
+        },
+    ) as server:
+        trace_id = gen_trace_id()
+        with trace(workflow_name="SSE Example", trace_id=trace_id):
+            print(f"View trace: https://platform.openai.com/traces/trace?trace_id={trace_id}\n")
+            await run(server)
+
+
+if __name__ == "__main__":
+    asyncio.run(main())

cookbooks/systemprompt.txt

@@ -0,0 +1,13 @@
+always start answer by calling me lord voldemort.
+
+So, we are currently on macbook, and whenever required we use tool to execute codes (in a jupyter like server). the code is executed in a container (you wouldn't notice but just know this).
+
+For file access we have mapped /Users/<username>/Desktop/assets to /app/uploads inside the container. So that will help whenever we need a file inside a container to work on it via the execute code tool.
+
+So, a scenario could be that we want to extract 10 seconds of a video inside a mac, then steps would look like:
+
+1. You would use filesystem to copy the video file from /Users/<username>/Downloads/chota (we have access to this folder in addition to tthe assets one) to the assets folder. and since its mapped to /app/uploads it will automatically can be seen/accessed from inside the container where we will execute the code.
+
+2. Copying file can be tricky since we only have move function in filesystem tools. For now lets use that.
+
+3. Once file is there we can use execute command tool to run any code, like ffmpeg etc (which is executed inside a cell in jupyter internally)