Python code execution sandbox with first-class support for programmatic MCP tool calling.
Python code execution sandbox with first-class support for programmatic MCP tool calling.
ipybox ยท v0.8.0
gradion-ai
ipybox
mcp-name: io.github.gradion-ai/ipybox
ipybox is a Python code execution sandbox with first-class support for programmatic MCP tool calling. It generates typed Python tool APIs from MCP server tool schemas, supporting both local stdio and remote HTTP servers.
Code that calls the generated API executes in a sandboxed IPython kernel. The API delegates MCP tool execution to a separate environment that enforces tool call approval, requiring applications to accept or reject each tool call.
[!NOTE]
Next generation ipyboxThis is the next generation of ipybox, a complete rewrite. Older versions are maintained on the 0.6.x branch and can be obtained with
pip install ipybox<0.7.
Documentation:
- ๐ Documentation
- ๐๏ธ Architecture
- ๐ค llms.txt
- ๐ค llms-full.txt
Capabilities
| Capability | Description |
|---|---|
| Stateful code execution | State persists across executions in IPython kernels |
| Lightweight sandboxing | Kernel isolation via Anthropic's sandbox-runtime |
| Programmatic MCP tool calling | MCP tools called via Python code, not JSON directly |
| MCP tool call approval | Every MCP tool call requires application-level approval |
| Python tool API generation | Functions and models generated from MCP tool schemas |
| Any MCP server | Supports stdio, Streamable HTTP, and SSE transports |
| Any Python package | Install and use any Python package in IPython kernels |
| Local code execution | No cloud dependencies, everything runs on your machine |
Usage
| Component | Description |
|---|---|
| Python SDK | Python API for building applications on ipybox |
| MCP server | ipybox as MCP server for code actions and programmatic tool calling |
| Claude Code plugin | Plugin that bundles the ipybox MCP server and a code action skill |
Agent integration
ipybox is designed for agents that act by executing Python code rather than issuing JSON tool calls. This code action approach enables tool composition and intermediate result processing in a single inference pass, keeping intermediate results out of the agent's context window.
Code actions are also key for agents to improve themselves and their tool libraries by capturing successful experience as executable knowledge. Agent-generated code cannot be trusted and requires sandboxed execution with application-level approval for every MCP tool call.
[!TIP]
freeactA code action agent built on ipybox is freeact. In addition to inheriting the capabilities of ipybox, it supports progressive loading of tools and agent skills, and can save successful code actions as tools, evolving its own tool library over time.