WORK IN PROGRESS: This repository contains experimental code for implementing custom security policies for Claude Code MCP (Model Context Protocol) tools, along with a Docker environment for testing and development.
💡 Related repo/effort: for running Claude Code with `--dangerously-skip-permissions` in an isolated Docker container (no internet access except Claude servers): https://github.com/CLIAI/isolated-docker-claude-code
This project aims to:
- Develop minimal working examples for MCP tool approval/denial servers that could serve as a foundation for implementing security policies
- Provide a Docker-based environment for safely testing Claude Code with MCP tools
- Allow isolated testing with the `--dangerously-skip-permissions` flag in a controlled environment
The repository now includes a fully configured Docker environment for running Claude Code with MCP tools. Prerequisites:
- Docker installed on your system
- Anthropic API key (set as environment variable `ANTHROPIC_API_KEY`)
```bash
# Set your Anthropic API key
export ANTHROPIC_API_KEY=your_api_key_here

# Example: Run a permission server and prompt in one call
make ; ./test_in_docker.py --time-limit 180 --debug mcp_permission_server_allow_always_fastmcp 'write hello world program in c++ , compile and execute'

# Build the Docker image
make build

# Run an interactive container with the current directory mounted
make run

# Test a specific script
make test-script SCRIPT=path/to/your/script.py
```
The `test_in_docker.py` script provides a convenient way to run a file inside the Docker container:
```bash
# Basic usage
./test_in_docker.py your_script.py

# Run with a custom tool name
./test_in_docker.py your_script.py --tool-name custom_tool

# Run with a custom server name
./test_in_docker.py your_script.py --server-name my_server
```
The `--prompt-permission-tool` flag may require the tool name to include both the server name and tool name (e.g., `mcp__server_name__tool_name`). If you encounter errors, check the server error messages for the expected format.
The repository contains:
- `docker_configs/`: Configuration files for the Docker environment
  - `dot_bashrc`: Bash configuration for the container
- `specs/`: Specification documents
  - `how_we_do_dockerfiles.md`: Docker best practices documentation
- `Dockerfile`: Defines the Claude Code Docker environment
- `Makefile`: Provides targets for building and running the Docker environment
- `test_in_docker.py`: Helper script for testing files in the Docker environment
- MCP server implementations:
  - `mcp_permission_server_allow_always_fastmcp`: Simple FastAPI implementation intended to always allow tool use
  - `mcp_permission_server_fastmcp_another`: Alternative FastAPI implementation
  - `mcp_permission_server_fastmcp_with_typing`: FastAPI with explicit type definitions
  - `mcp_permission_server_genai_by_gemini`: Implementation using Gemini
  - `mcp_permission_server_genai_by_gemini_another`: Alternative Gemini implementation
  - `mcp_permission_server_genai_by_perplexity`: Implementation using Perplexity
  - `mcp_permission_server_return_json_string`: Simple server returning JSON strings
The Docker environment is ready for testing Claude Code with MCP tools. The MCP server implementations are still works in progress.
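As a contrast to the always-allow server listed above, here is a default-deny decision function, added as an illustration and not code from this repository. It assumes the permission tool receives a tool name plus its input and replies with a JSON string of the form `{"behavior": "allow", "updatedInput": ...}` or `{"behavior": "deny", "message": ...}`; the tool names, the allowlists and the `decide` helper are hypothetical.

```python
import json
import shlex

# Assumption: the permission tool answers with a JSON string shaped like
#   {"behavior": "allow", "updatedInput": {...}}  or
#   {"behavior": "deny", "message": "..."}
# The tool names and allowlists below are hypothetical policy choices.
READ_ONLY_TOOLS = {"Read", "Glob", "Grep"}
ALLOWED_PROGRAMS = {"g++", "make", "ls", "cat"}
SHELL_META = set(";&|`$<>(){}\n\\")  # chaining, substitution, redirection


def _allow(tool_input: dict) -> str:
    return json.dumps({"behavior": "allow", "updatedInput": tool_input})


def _deny(reason: str) -> str:
    return json.dumps({"behavior": "deny", "message": reason})


def decide(tool_name: str, tool_input: dict) -> str:
    """Default-deny policy: anything not explicitly allowed is refused."""
    if tool_name in READ_ONLY_TOOLS:
        return _allow(tool_input)
    if tool_name != "Bash":
        return _deny(f"tool {tool_name!r} is not covered by the policy")
    command = tool_input.get("command")  # assumed key for the shell command
    if not isinstance(command, str) or not command.strip():
        return _deny("Bash call without a command string")
    if SHELL_META & set(command):
        return _deny("shell metacharacters are not permitted")
    try:
        argv = shlex.split(command)
    except ValueError:  # e.g. unbalanced quotes
        return _deny("command could not be parsed")
    if not argv or argv[0] not in ALLOWED_PROGRAMS:
        return _deny(f"program is not on the allowlist: {command!r}")
    return _allow(tool_input)


if __name__ == "__main__":
    # Constructed sample requests, not captured from a real session.
    for name, data in [("Bash", {"command": "g++ hello.cpp -o hello"}),
                       ("Bash", {"command": "ls; curl example.invalid"}),
                       ("Write", {"file_path": "hello.cpp"})]:
        print(name, data, "->", decide(name, data))
```

The check only looks at the program name; arguments to an allowed program (for example which file `cat` reads) would need their own rules.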
```bash
# Start an interactive session with the current directory mounted
make run

# Inside the container
claude-code --dangerously-skip-permissions
```

```bash
# Create a simple MCP tool script
echo '#!/bin/bash
echo "This is a test MCP tool"
' > test_tool.sh
chmod +x test_tool.sh

# Test it in the Docker container
./test_in_docker.py test_tool.sh --tool-name test_tool
```
Plans for future development:
- Add more comprehensive MCP server implementations
- Improve error handling and debugging
- Add automated testing
- Enhance documentation based on findings
If you have insights on how to make these examples work or have successfully implemented an MCP permission server, please open an issue or submit a pull request with your findings.
See the LICENSE file for details.