tsunamayo7/helix-sandbox
Secure sandbox MCP server for AI agents — Docker and Windows Sandbox backends
Platform-specific configuration:
```json
{
  "mcpServers": {
    "helix-sandbox": {
      "command": "npx",
      "args": [
        "-y",
        "helix-sandbox"
      ]
    }
  }
}
```

Add the config above to `.claude/settings.json` under the `mcpServers` key.

Secure sandbox MCP server for AI agents. Run code, edit files, and operate a GUI in isolated Docker or Windows Sandbox environments.
helix-sandbox gives AI agents (Claude Code, Codex CLI, Open WebUI, etc.) a safe, isolated environment to execute code, read/write files, and even interact with a GUI desktop — without touching your host system.

```
AI Agent (Claude Code / Codex CLI / Open WebUI)
         |  MCP Protocol
  helix-sandbox server
         |
+--------+--------+
Docker Desktop     Windows Sandbox
(Linux container)  (Windows 11 native)
```

| MCP Tool | Description |
|----------|-------------|
| create_sandbox | Create and start an isolated sandbox |
| destroy_sandbox | Stop and remove the sandbox |
| sandbox_status | Get current sandbox state and backend info |
| execute_command | Run shell commands inside the sandbox |
| read_file | Read file contents from the sandbox |
| write_file | Write files into the sandbox |
| list_directory | List directory contents |
| screenshot | Capture desktop screenshot (base64 PNG) |
| get_diff | Get workspace change diff |
| container_stats | CPU/RAM usage statistics |

| Feature | Docker | Windows Sandbox |
|---------|:------:|:---------------:|
| Concurrent instances | Multiple | Single |
| Persistence | Configurable | Ephemeral |
| GUI desktop | VNC + noVNC | Native window |
| OS inside | Linux (Ubuntu) | Windows 11 |
| Requires | Docker Desktop | Windows 11 Pro |
| Network isolation | Configurable | Configurable |
| Resource limits | CPU/RAM | RAM/vGPU |