https://github.com/declaw-ai/mcp-server
MCP server for Declaw — secure AI sandboxes with network policies, PII scanning, injection defense, and audit logging
ai-agents ai-security claude code-execution firecracker llm mcp mcp-server microvm model-context-protocol pii-detection prompt-injection sandbox sandboxing
- Host: GitHub
- URL: https://github.com/declaw-ai/mcp-server
- Owner: declaw-ai
- License: other
- Created: 2026-06-05T11:27:10.000Z (22 days ago)
- Default Branch: main
- Last Pushed: 2026-06-13T10:42:37.000Z (14 days ago)
- Last Synced: 2026-06-13T12:23:34.926Z (14 days ago)
- Topics: ai-agents, ai-security, claude, code-execution, firecracker, llm, mcp, mcp-server, microvm, model-context-protocol, pii-detection, prompt-injection, sandbox, sandboxing
- Language: TypeScript
- Homepage: https://declaw.ai
- Size: 53.7 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Declaw MCP Server
MCP server for [Declaw](https://declaw.ai) — secure sandbox execution for AI agents with network policies, PII scanning, prompt injection defense, and audit logging.
Works with Claude Desktop, Claude Code, Cursor, Windsurf, and any MCP-compatible AI tool.
## Quick Start
### Claude Desktop / Cursor / Windsurf
Add to your MCP config (the API key is stored in plaintext in this file, so keep it out of version control and shared dotfiles):
```json
{
"mcpServers": {
"declaw": {
"command": "npx",
"args": ["-y", "@declaw/mcp-server"],
"env": {
"DECLAW_API_KEY": "your-api-key"
}
}
}
}
```
### Claude Code
```bash
claude mcp add declaw -- npx -y @declaw/mcp-server
```
Set `DECLAW_API_KEY` in your environment.
## Tools
| Tool | Description |
|------|-------------|
| `create_sandbox` | Create a secure sandbox with configurable security policies |
| `run_command` | Execute a shell command inside a sandbox |
| `read_file` | Read a file from a sandbox |
| `write_file` | Write a file to a sandbox |
| `list_files` | List directory contents in a sandbox |
| `kill_sandbox` | Destroy a sandbox |
| `list_sandboxes` | List all active sandboxes |
## Security Presets
When creating a sandbox, choose a security preset:
- **`none`** — No guardrails. Full internet access.
- **`standard`** (default) — PII scanning + audit logging. Full internet access.
- **`strict`** — PII scanning + prompt injection defense + audit logging + network deny-all.
You can also pass `allowed_domains` to restrict outbound traffic to specific domains:
```
create_sandbox with template="python", security_preset="strict", allowed_domains=["pypi.org", "github.com"]
```
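The presets above are described only by name and by the guardrails each one enables, and the page does not spell out how `allowed_domains` combines with a preset or whether a listed domain also covers its subdomains. The following is an added TypeScript example, written for this page and not taken from the Declaw project, that models one plausible reading: a preset resolves to a policy object, a non-empty `allowed_domains` list turns egress into allowlist-only, and an egress check fails closed on malformed hostnames and on lookalike hosts such as `github.com.attacker.example`. The `SandboxPolicy` shape, `resolvePolicy`, `isEgressAllowed`, and the subdomain-matching rule are all assumptions of the example, not Declaw's API.

```typescript
// Added illustrative example, not Declaw's code. Models how a security preset
// plus an optional allowed_domains list might resolve into an effective policy,
// and how an egress decision against that policy could be evaluated.

type SecurityPreset = "none" | "standard" | "strict";

interface SandboxPolicy {
  piiScanning: boolean;
  injectionDefense: boolean;
  auditLogging: boolean;
  // "allow-all": full internet; "deny-all": no egress; "allowlist": listed hosts only
  network: "allow-all" | "deny-all" | "allowlist";
  allowedDomains: string[];
}

// One DNS label: letters, digits, hyphens, no leading/trailing hyphen, max 63 chars.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Canonicalise a hostname for comparison; reject schemes, paths, ports and wildcards
// so that "https://pypi.org" or "*.pypi.org" cannot sneak into an allowlist.
function normalizeDomain(raw: string): string {
  const d = raw.trim().toLowerCase().replace(/\.$/, "");
  const labels = d.split(".");
  if (d.length === 0 || d.length > 253 || !labels.every((l) => LABEL.test(l))) {
    throw new Error(`invalid domain in allowed_domains: ${JSON.stringify(raw)}`);
  }
  return d;
}

function normalizeDomainOrNull(raw: string): string | null {
  try {
    return normalizeDomain(raw);
  } catch {
    return null;
  }
}

// Guardrails per preset, as listed in the README. "standard" is the documented default.
function resolvePolicy(preset: SecurityPreset = "standard", allowedDomains: string[] = []): SandboxPolicy {
  const base: Record<SecurityPreset, Omit<SandboxPolicy, "allowedDomains">> = {
    none:     { piiScanning: false, injectionDefense: false, auditLogging: false, network: "allow-all" },
    standard: { piiScanning: true,  injectionDefense: false, auditLogging: true,  network: "allow-all" },
    strict:   { piiScanning: true,  injectionDefense: true,  auditLogging: true,  network: "deny-all" },
  };
  // Normalise and de-duplicate; a malformed entry aborts sandbox creation rather than being ignored.
  const domains = Array.from(new Set(allowedDomains.map(normalizeDomain)));
  // Assumption of this example: a non-empty allowlist narrows egress for every preset,
  // including "none". The page only says allowed_domains restricts outbound traffic.
  const network: SandboxPolicy["network"] = domains.length > 0 ? "allowlist" : base[preset].network;
  return { ...base[preset], network, allowedDomains: domains };
}

// Decide whether the sandbox may open a connection to destinationHost.
function isEgressAllowed(policy: SandboxPolicy, destinationHost: string): boolean {
  if (policy.network === "allow-all") return true;
  if (policy.network === "deny-all") return false;
  const host = normalizeDomainOrNull(destinationHost);
  if (host === null) return false; // fail closed on anything that is not a clean hostname
  // Assumption of this example: an entry covers itself and its subdomains
  // ("api.github.com" under "github.com"), but never a suffix lookalike
  // ("notgithub.com") or a prefix lookalike ("github.com.attacker.example").
  return policy.allowedDomains.some((d) => host === d || host.endsWith("." + d));
}
```

Two practical points fall out of running this against the README's own example. First, check the matching rule with the real product before relying on it: if Declaw matches exact hosts only, `api.github.com` is blocked under `allowed_domains=["github.com"]`; if it matches suffixes loosely, `notgithub.com` would be allowed. Second, `pip install` resolves package metadata on `pypi.org` but downloads wheels from `files.pythonhosted.org`, so an allowlist of just `pypi.org` lets `pip` find a package and then fail to fetch it; add the download host when a Python template needs to install dependencies under `strict`.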
## Why Declaw?
| | Declaw | Other Sandbox Providers |
|---|---|---|
| Sandbox execution | Yes | Yes |
| Non-bypassable network controls | Yes | Unclear |
| PII scanning | Yes | No |
| Injection defense | Yes | No |
| Full audit trail | Yes | Basic |
| Snapshots | Yes | Varies |
| Multiple templates | 8 built-in | Varies |
| Interactive stdio | Yes | Varies |
## Environment Variables
| Variable | Required | Description |
|----------|----------|-------------|
| `DECLAW_API_KEY` | Yes | Your Declaw API key |
| `DECLAW_DOMAIN` | No | Custom API domain (for on-prem deployments) |
## On-Prem
For self-hosted Declaw deployments, set the domain:
```json
{
"mcpServers": {
"declaw": {
"command": "npx",
"args": ["-y", "@declaw/mcp-server"],
"env": {
"DECLAW_API_KEY": "your-api-key",
"DECLAW_DOMAIN": "declaw.internal.company.com"
}
}
}
}
```
## License
Apache-2.0