
Sandbox Server

Deploy Custom MCP Servers in Isolation

Upload untrusted code with confidence. gVisor sandboxing, DLP scanning, network isolation, and resource limits protect your infrastructure.

3 Steps

Quick Start

1. Upload Your Server

Package your Python MCP server as a tarball and upload via the dashboard.

2. Configure Secrets

Securely store API keys and credentials. AES-256-GCM encrypted, never exposed in logs.

3. Connect Your Agent

Use the generated endpoint URL. Full MCP compatibility with all AI agent platforms.

Deployment

Upload Methods

Tarball Upload

Package your MCP server and upload directly from the dashboard.

Create tarball

tar -czf my-mcp-server.tar.gz server.py requirements.txt

Max size: 250 MB. Tarball must contain requirements.txt at root.

Configuration

Server Requirements

Python Runtime

Python 3.11+. gVisor provides a Linux user-space kernel with standard glibc.

requirements.txt

mcp[cli]>=1.0.0,<2.0.0
httpx>=0.27.0,<1.0.0
uvicorn>=0.29.0,<1.0.0

MCP SDK

Use mcp.server.fastmcp.FastMCP. Your server must bind on 0.0.0.0:8000 using streamable HTTP transport.

server.py

from mcp.server.fastmcp import FastMCP
import uvicorn

mcp = FastMCP("my-server")

@mcp.tool()
async def get_data(query: str) -> str:
    """Fetch data for the given query."""
    return f"Result for: {query}"

if __name__ == "__main__":
    uvicorn.run(mcp.streamable_http_app(), host="0.0.0.0", port=8000)

Entry Point

The sandbox runs python server.py, or the command you configure in the dashboard. The server must listen on 0.0.0.0:8000; the port is configurable in the dashboard.

Security

Configuration & Constraints

Domain Allowlist

Specify the fully-qualified domain names (FQDNs) your server is allowed to reach. All outbound traffic is denied by default.

Example allowlist

api.github.com
api.openai.com
data.example.com
*.internal.company.com   # Wildcard subdomains supported

Max 10 domains per server. Port-specific rules (e.g., 443, 8080) are available.
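To reason about what the allowlist above permits before you deploy, here is an added example (not the sandbox's own enforcement code) that models the deny-by-default policy locally: exact FQDNs, "*." wildcard subdomains, and port-specific rules. The "host:port" rule syntax and the assumption that a wildcard does not cover its apex domain are illustrative assumptions, not documented behaviour.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example: a local model of the sandbox's deny-by-default egress allowlist.
# Not the sandbox's own enforcement code; the "host:port" rule syntax and
# "wildcard excludes the apex" behaviour are assumptions for illustration.
MAX_DOMAINS = 10  # page: max 10 domains per server

# Constructed allowlist in the page's format, with one assumed port rule.
EXAMPLE_ALLOWLIST = """
api.github.com
api.openai.com
data.example.com:8080   # port-specific rule (syntax assumed)
*.internal.company.com  # wildcard subdomains supported
"""

@dataclass(frozen=True)
class Rule:
    host: str            # "api.github.com" or "*.internal.company.com"
    port: Optional[int]  # None = any port

def parse_allowlist(text: str) -> List[Rule]:
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # drop comments and blank lines
        if not line:
            continue
        host, _, port = line.partition(":")
        rules.append(Rule(host.rstrip("."), int(port) if port else None))
    if len(rules) > MAX_DOMAINS:
        raise ValueError(f"{len(rules)} entries; the sandbox allows at most {MAX_DOMAINS}")
    return rules

def _host_matches(pattern: str, host: str) -> bool:
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".internal.company.com"
        return host.endswith(suffix) and len(host) > len(suffix)  # subdomains only
    return host == pattern

def is_allowed(rules: List[Rule], host: str, port: int = 443) -> bool:
    """Deny by default: only an explicit matching rule permits host:port."""
    host = host.rstrip(".").lower()
    return any(_host_matches(r.host, host) and r.port in (None, port) for r in rules)
```

Note that a suffix such as api.github.com.evil.com is rejected: matching is on whole labels, not substrings.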

Secrets vs Environment Variables

The sandbox supports two ways to pass configuration to your server:

Secrets (Vault)

Stored AES-256-GCM encrypted. Mounted read-only at /run/secrets/<NAME> at runtime. Value is never visible after creation — use for API keys, tokens, credentials.

Env Vars (Environment tab)

Plain text, visible in the dashboard. Injected via os.environ at runtime. Use for non-sensitive config like base URLs, feature flags, or model names.

Recommended read_secret helper

import os
from pathlib import Path

def read_secret(name: str, default: str = "") -> str:
    # 1. Env var takes priority (set via Environment tab)
    val = os.environ.get(name)
    if val:
        return val
    # 2. Vault secret (mounted at /run/secrets/<NAME>)
    p = Path(f"/run/secrets/{name}")
    if p.exists():
        return p.read_text().strip()
    return default

# Usage
api_key = read_secret("MY_API_KEY")  # from Vault
base_url = read_secret("SERVICE_URL", "https://api.example.com")  # env var or default

Secrets are never logged or exposed in audit logs. Env vars are logged on startup.

Resource Limits

Enforce CPU, memory, storage, and process limits via cgroup v2. Prevent resource exhaustion attacks.

CPU Shares

512–4096 (proportional)

Memory

256 MB – 8 GB

Storage

5 GB – 100 GB

Max Processes

64 – 512

Integration

Connecting Your Agent

After deploying your server, use the generated endpoint URL in your agent configuration.

Endpoint URL pattern

https://mcp.mistaike.ai/sandbox/{server-id}/mcp

Example: https://mcp.mistaike.ai/sandbox/abc123def456/mcp

API Key Authentication

Use your Hub API Key to authenticate. Recommended for automated tools.

Configure in your client

{
  "mcpServers": {
    "my-sandbox": {
      "url": "https://mcp.mistaike.ai/sandbox/{server-id}/mcp",
      "transport": "http",
      "headers": {
        "X-API-Key": "YOUR_HUB_API_KEY"
      }
    }
  }
}

OAuth Authentication

Use OAuth for Claude Desktop and Claude web. Token automatically managed.

Configure in your client

{
  "mcpServers": {
    "my-sandbox": {
      "url": "https://mcp.mistaike.ai/sandbox/{server-id}/mcp",
      "transport": "http"
    }
  }
}

Protection

DLP Integration

Every tool call (inbound and outbound) is scanned for secrets, PII, and malicious content. Configure per-server DLP policies at /dashboard/mcp-hub/{server-id}/dlp.

Bidirectional Scanning

Inbound: catch secrets leaking from your agent. Outbound: catch prompt injection and malicious data from the server.

Custom Policies

Override per-tool. Block, redact, warn, or log separately for each tool. Full audit trail.

Real-Time Alerts

Instant notification of blocked content. Dashboard shows threat summary and detailed logs.
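The per-tool, per-direction policy model described above (block, redact, warn, or log, chosen separately for inbound and outbound payloads) is illustrated by the following added example. It is not the hub's own scanner: the detector patterns, the policy shape and the sample payloads are constructed for illustration only.

```python
import re
from typing import Dict

# Added example of the per-tool, bidirectional DLP policy model. Not the hub's
# scanner; detectors and policy shape are constructed for illustration.
DETECTORS = {
    # inbound concern: secrets leaking from the agent into tool arguments
    "secret": re.compile(r"\b(?:sk|ghp)_[A-Za-z0-9]{16,}\b"),
    "pii_email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    # outbound concern: prompt-injection style text returned by the server
    "prompt_injection": re.compile(r"ignore (?:all )?previous instructions", re.I),
}

# Constructed policy: a default per direction, overridable per tool.
POLICY: Dict[str, Dict[str, str]] = {
    "default": {"inbound": "block", "outbound": "warn"},
    "get_data": {"inbound": "redact", "outbound": "block"},
}

def scan(tool: str, direction: str, text: str, policy=POLICY) -> dict:
    """Scan one tool-call payload; returns the action taken, matches, and the
    text that may continue (None when blocked)."""
    action = policy.get(tool, {}).get(direction, policy["default"][direction])
    matches = [name for name, rx in DETECTORS.items() if rx.search(text)]
    if not matches:
        return {"action": "pass", "matches": [], "text": text, "allowed": True}
    if action == "block":
        return {"action": "block", "matches": matches, "text": None, "allowed": False}
    if action == "redact":
        for name in matches:
            text = DETECTORS[name].sub(f"[REDACTED:{name}]", text)
    # "warn" and "log" let the payload through; the match list is the audit record
    return {"action": action, "matches": matches, "text": text, "allowed": True}
```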

Observability

Monitoring & Logging

Live Metrics

Monitor in real-time:

  • Tool call counts and latency
  • CPU and memory usage
  • Network egress (bandwidth)
  • Sandbox uptime and health
  • DLP threats and blocks

Audit Logs

Searchable, immutable log of:

  • Every tool call (args and result)
  • DLP matches and actions taken
  • Network requests and domains
  • Process lifecycle events
  • Secret access attempts

Billing Dashboard

Usage-based pricing. Pay for compute time (CPU/memory), storage, and outbound bandwidth. Free tier includes 10 hours/month.

Plans

Tier Limits & Pricing

Feature           | Starter    | Secure Runtime | Power
------------------|------------|----------------|--------------
Servers           | 2          | 5              | Unlimited
Monthly Compute   | 10 CPU-hrs | 100 CPU-hrs    | Unlimited
Max Memory/Server | 512 MB     | 4 GB           | 8 GB
Storage/Server    | 5 GB       | 50 GB          | 100 GB
DLP Scanning      | Block only | Full           | Full + Custom
Audit Logs        | 7 days     | 90 days        | 1 year
Price             | Free       | $99/mo         | Custom

All tiers include gVisor isolation, network allowlisting, and secret management. Secure Runtime and Power tiers add advanced DLP policies and longer audit retention.

Learn More

Ready to Deploy?

For a deeper dive into architecture and threat modeling, see the security documentation.