nix-sandbox-mcp
Efficient sandboxed execution for LLMs using Nix.
Pitch

nix-sandbox-mcp revolutionizes code execution for LLMs by utilizing Nix for lightweight, reproducible environments. Avoid the heaviness of Docker with declarative sandboxing and seamless local execution, ensuring complete isolation without the overhead of cloud or container management.

Description

nix-sandbox-mcp offers a novel approach to sandboxed code execution for Large Language Models (LLMs) using Nix, effectively addressing the limitations of traditional Docker-based solutions. Unlike Docker, which can be resource-heavy and requires managing additional daemons, nix-sandbox-mcp leverages Nix’s declarative flake expressions along with isolation techniques like jail.nix using bubblewrap and Linux namespaces for a lightweight and reproducible environment.

Key Features

  • Local Execution: Run environments entirely on local machines without the need for cloud services or complex container setups.
  • Declarative Sandboxing: Nix ensures environments are defined through clear flake expressions, simplifying the setup and execution process.
  • Customizable Environments: Users can create tailored environments with specific tools and dependencies by defining their own Nix flakes.

Getting Started

The setup requires a Linux system with Nix (flakes enabled). Configure your MCP client to use the nix-sandbox-mcp server by adding:

{
  "mcpServers": {
    "nix-sandbox": {
      "command": "nix",
      "args": ["run", "github:secbear/nix-sandbox-mcp", "--", "--stdio"],
      "env": {
        "PROJECT_DIR": "/home/user/myproject"
      }
    }
  }
}

This configuration allows access to three sandboxed environments (shell, python, node) with project files mounted as read-only.

Custom Environment Creation

Custom environments can be defined using a Nix flake. Here is an example setup:

# my-envs/flake.nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nix-sandbox-mcp.url = "github:secbear/nix-sandbox-mcp";
  };

  outputs = { nixpkgs, nix-sandbox-mcp, ... }:
    let pkgs = nixpkgs.legacyPackages.x86_64-linux;
    in {
      packages.x86_64-linux = {
        data-science = nix-sandbox-mcp.lib.mkSandbox {
          inherit pkgs;
          name = "data-science";
          interpreter_type = "python";
          packages = [
            (pkgs.python3.withPackages (ps: [ ps.numpy ps.pandas ps.requests ]))
          ];
        };

        nix-tools = nix-sandbox-mcp.lib.mkSandbox {
          inherit pkgs;
          name = "nix-tools";
          interpreter_type = "bash";
          packages = [ pkgs.ripgrep pkgs.fd pkgs.jq pkgs.yq-go pkgs.tree ];
        };
      };
    };
}

Set the NIX_SANDBOX_ENVS environment variable to include these custom environments, so the server exposes them and LLM-issued code runs in them in a fully sandboxed manner.

Security Considerations

nix-sandbox-mcp uses jail.nix for isolation, providing unprivileged sandboxes without network access by default and ensuring project files remain read-only. Future updates will introduce microvm.nix to achieve hardware-level isolation for executing untrusted code, enhancing security further.
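A quick way to confirm the properties described above from inside a sandbox is to have the LLM (or yourself) run a small probe script through the `shell` environment. The script below is an added example and not part of nix-sandbox-mcp; it assumes the project files are mounted at the path given in PROJECT_DIR and that a network-less sandbox exposes only the `lo` interface under /sys/class/net, which is how an unshared Linux network namespace appears.

```shell
#!/bin/sh
# Probe a sandbox from the inside and report whether its isolation
# properties hold. Added example; assumptions are marked below.

# Return 0 if a new file cannot be created in $1 (read-only mount effective).
check_readonly() {
  dir="$1"
  probe="$dir/.nix-sandbox-probe.$$"
  if touch "$probe" 2>/dev/null; then
    rm -f "$probe"          # the write succeeded: mount is NOT read-only
    return 1
  fi
  return 0
}

# Return 0 if the sysfs net directory ($1, default /sys/class/net) lists
# only the loopback interface. Assumption: an unshared network namespace
# shows just "lo", so any other interface means the sandbox has a link.
check_no_network() {
  netdir="${1:-/sys/class/net}"
  for iface in "$netdir"/*; do
    [ -e "$iface" ] || continue   # empty directory: nothing to reach
    case "${iface##*/}" in
      lo) ;;
      *)  return 1 ;;
    esac
  done
  return 0
}

# Return 0 if the sandboxed process is not running as root.
check_unprivileged() {
  [ "$(id -u)" -ne 0 ]
}

# Run every probe against the live sandbox and print one line per result.
# Returns 0 only if all probes pass.
run_probes() {
  rc=0
  probes="check_no_network check_unprivileged"
  [ -n "$PROJECT_DIR" ] && probes="check_readonly $PROJECT_DIR $probes"
  set -- $probes
  while [ $# -gt 0 ]; do
    case "$1" in
      check_readonly) cmd="$1 $2"; shift 2 ;;
      *)              cmd="$1";    shift ;;
    esac
    if $cmd; then echo "PASS $cmd"; else echo "FAIL $cmd"; rc=1; fi
  done
  return $rc
}
```

Call run_probes with PROJECT_DIR set to the mounted project path; a FAIL line means the corresponding property does not hold in that environment.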

Conclusion

The nix-sandbox-mcp project streamlines code execution for LLMs while providing robust isolation and environment customization features that enhance reproducibility and security. For detailed instructions on configuration and environment setup, refer to the project's README.
