Component · mcp/
mcp
An MCP server that re-exposes the same API as agent-callable tools, so a model can drive Enclave as a tool. A thin layer over the SDK.
Role in the architecture
The MCP server registers a small set of tools on top of an EnclaveClient. An agent calls run_code to execute a workload in a contained session and gets back the structured outcome — the same lifecycle the SDK and console use.
Source
mcp/src/index.ts (the enclave-mcp bin) → server.ts (tool registration) → tools.ts (handlers + input schemas).
The five tools
| Tool | Input | Description |
|---|---|---|
| run_code | { code, … } | Run agent-generated code in an isolated, credential-scoped gVisor sandbox with default-deny egress and resource quotas, then return the structured result. |
| get_result | { sessionId } | Fetch the structured result of a completed session. |
| get_audit | { sessionId } | Fetch the immutable audit trail (credential issuance, egress decisions, quota kills, lifecycle). |
| list_sessions | {} | List recent sessions. |
| teardown_session | { sessionId } | Tear down a session and reclaim its resources. |
Wiring
The server resolves its target control plane and credential from the environment, then speaks MCP over stdio:
```bash
# the server reads its target + credential from env; export them so npx's child process sees them
export ENCLAVE_BASE_URL=http://127.0.0.1:8088
export ENCLAVE_API_KEY=ek_<id>_<secret>   # resolved to an org-scoped principal
# run the stdio MCP server
npx enclave-mcp
```