Open Bug 2035840 Opened 23 days ago Updated 18 days ago

Add documentation and guidelines about MCP sandboxing

Categories

(Developer Infrastructure :: Firefox MCP, task)

Tracking

(Not tracked)

People

(Reporter: jdescottes, Unassigned)

Details

Sandboxing MCP servers spawned by AI agents is not trivial.

In Claude's case, the MCP servers are not impacted by the sandbox of Claude Code.

There is an alternative which is to start the MCP wrapped in srt (sandbox runtime) provided by Anthropic at https://github.com/anthropic-experimental/sandbox-runtime

      "mcpServers": {
        "firefox-devtools": {
          "type": "stdio",
          "command": "srt",
          "args": [
            "node",
            "/Users/username/path/to/firefox-devtools-mcp/dist/index.js",
            "--profile-path",
            "/path/to/profile/firefox-devtools-mcp",
            "--enable-script"
          ]
        }
      },
  • ~/.srt-settings.json

      {
        "filesystem": {
          "denyRead": [],
          "allowWrite": ["."],
          "denyWrite": []
        },
        "network": {
          "allowedDomains": [],
          "deniedDomains": []
        }
      }

We will need to test this in more detail. At the moment I verified that with a strict sandbox which didn't have access to the --profile-path folder, the MCP is not allowed to start Firefox. Next step will be to find good defaults we can recommend for safer usage of the MCP.
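
A pre-flight check for the situation described above, added here as an example (not code from this bug, the MCP or srt): it reports whether the `--profile-path` folder falls inside the sandbox's writable paths. It assumes writes are denied unless a path is under `allowWrite`, that `denyWrite` takes precedence, and that relative entries such as `.` resolve against the directory srt is started from; globs, `~` and symlinks are not handled, and the function names are hypothetical.

```python
import posixpath

# Constructed sample mirroring the two snippets in the bug description.
MCP_ARGS = [
    "node",
    "/Users/username/path/to/firefox-devtools-mcp/dist/index.js",
    "--profile-path",
    "/path/to/profile/firefox-devtools-mcp",
    "--enable-script",
]
SRT_SETTINGS = {
    "filesystem": {"denyRead": [], "allowWrite": ["."], "denyWrite": []},
    "network": {"allowedDomains": [], "deniedDomains": []},
}


def resolve(path, cwd):
    """Absolute, normalized POSIX path; relative entries are taken from cwd."""
    return posixpath.normpath(posixpath.join(cwd, path))


def is_within(path, root):
    """True when path equals root or lies beneath it (no symlink resolution)."""
    return path == root or path.startswith(root.rstrip("/") + "/")


def profile_path(args):
    """Value following --profile-path in the MCP server args, or None."""
    if "--profile-path" in args:
        i = args.index("--profile-path")
        if i + 1 < len(args):
            return args[i + 1]
    return None


def profile_is_writable(args, settings, cwd):
    """Assumed model: writes are denied unless under allowWrite; denyWrite wins."""
    profile = profile_path(args)
    if profile is None:
        return False
    profile = resolve(profile, cwd)
    fs = settings.get("filesystem", {})
    allowed = any(is_within(profile, resolve(p, cwd)) for p in fs.get("allowWrite", []))
    denied = any(is_within(profile, resolve(p, cwd)) for p in fs.get("denyWrite", []))
    return allowed and not denied
```

With the settings shown in the bug, the result depends entirely on the working directory, because `"."` is the only writable root.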
