Isolated code execution sandboxes for AI agents
About • How It Works • MCP Tools • Documentation
Bouvet (boo-veh) is an MCP server that creates secure, isolated sandboxes for AI agents to execute code.
When an AI agent needs to run Python, Node.js, or shell commands, Bouvet spins up a lightweight microVM in ~200ms. The code runs in complete isolation separate kernel filesystem and network then the sandbox is destroyed. Nothing persists, nothing leaks.
The problem it solves: AI agents need a safe place to run untrusted code. Docker isn't enough containers share the host kernel. Bouvet uses Firecracker microVMs for true hardware-level isolation the same technology that powers AWS Lambda.
Who it's for: Developers building AI agents with Claude, Cursor, or any MCP-compatible client who need secure code execution without managing infrastructure.
┌─────────────┐ ┌─────────────┐ ┌─────────────────────────┐
│ AI Agent │────▶│ bouvet-mcp │────▶│ Firecracker microVM │
│ (Claude) │ │ (MCP Server)│ │ ┌─────────────────┐ │
└─────────────┘ └─────────────┘ │ │ bouvet-agent │ │
│ │ (guest daemon) │ │
│ └─────────────────┘ │
└─────────────────────────┘
- AI agent requests a sandbox via MCP
- Bouvet boots a microVM with your chosen toolchain
- Agent executes code, reads/writes files
- Sandbox is destroyed when done
Each microVM has ~256MB RAM, 1 vCPU, and a full Linux environment with Python, Node.js, and common dev tools pre-installed.
- True Isolation — Each sandbox is a separate VM, not a container
- Fast Startup — Warm pool enables sub-200ms sandbox creation
- Multi-Language — Python, Node.js, Rust, Bash, and shell access
- MCP Native — Works with Claude, Cursor, and any MCP client
| Tool | Description |
|---|---|
create_sandbox |
Create a new isolated sandbox |
destroy_sandbox |
Destroy a sandbox and free resources |
list_sandboxes |
List all active sandboxes |
execute_code |
Run Python, Node.js, or Bash code |
run_command |
Execute shell commands |
read_file |
Read file contents from sandbox |
write_file |
Write file contents to sandbox |
list_directory |
List directory contents |
| Document | Description |
|---|---|
| Self-Hosting Guide | Deploy Bouvet on your own infrastructure |
| Configuration | Environment variables and options |
| Architecture | Technical deep dive |
|
"Bouvet provides a stable, no-nonsense interface for managing isolated execution environments that works exactly as you'd expect. It handles basic file operations and code execution reliably, making it a utilitarian choice for tasks requiring simple, ephemeral sandboxes." — Gemini 3 Pro |
"The sandbox spins up in seconds and just works—no configuration headaches, no surprises. It's not flashy, but it does exactly what it promises without getting in your way." — Claude 4.5 Opus |
Everything began with a single, uncompromising promise: absolute isolation. In an ecosystem where code execution is often messy, shared, and persistent, we wanted to create a void a perfect, ephemeral vacuum where software could live for a moment and then disappear without a trace.
This pursuit of solitude brought us to Bouvet Island, it is one of the most remote places on Earth uninhabited, untouched, and thousands of miles from civilization. It is the physical embodiment of what we've built in software: a harsh, beautiful, and completely isolated environment where nothing comes in, and nothing leaves.
MIT — See LICENSE for details.
Built with 🧨 Firecracker and 🦀 Rust