serverless-dna/run-mcp

run-mcp

Run MCP

Run MCP servers securely in containers with one config change.

The Problem

MCP servers run with your full user permissions. SSH keys, AWS credentials, browser cookies — all visible to any MCP server you install.

The Solution

One word change. Full container isolation.

Before:

{
  "mcpServers": {
    "sqlite": {
      "command": "uvx",
      "args": [
        "mcp-server-sqlite", 
        "--db-path", 
        "~/data/mydb.sqlite"]
    }
  }
}

After:

{
  "mcpServers": {
    "sqlite": {
      "command": "run-mcp",
      "args": [
        "uvx", 
        "mcp-server-sqlite", 
        "--db-path", 
        "/data/mydb.sqlite"
      ],
      "env": {
        "MCP_DATA_DIR": "~/data"
      }
    }
  }
}

The server runs in a container with zero access to your host — unless you explicitly grant it.

Install

macOS / Linux (Homebrew)

brew tap serverless-dna/tap
brew install run-mcp

Windows (PowerShell)

irm https://raw.githubusercontent.com/serverless-dna/run-mcp/main/install/win-installer.ps1 | iex

Linux (curl)

curl -fsSL https://raw.githubusercontent.com/serverless-dna/run-mcp/main/install/install.sh | sh

Quick Start

  1. Install run-mcp (see above)
  2. Ensure a container runtime (Docker or Podman) is running
  3. Update your Claude Desktop config:
{
  "mcpServers": {
    "memory": {
      "command": "run-mcp",
      "args": ["npx", "@modelcontextprotocol/server-memory"]
    }
  }
}
  4. Restart Claude Desktop

That's it. The server runs in complete isolation.

Examples

Read-only filesystem access:

{
  "command": "run-mcp",
  "args": ["npx", "@modelcontextprotocol/server-filesystem", "/docs"],
  "env": {
    "MCP_MOUNT": "~/Documents:/docs:ro"
  }
}

AWS credentials (mounted read-only; the server can still read them):

{
  "command": "run-mcp",
  "args": ["uvx", "awslabs.aws-api-mcp-server"],
  "env": {
    "MCP_MOUNT": "~/.aws:/home/mcp/.aws:ro",
    "AWS_REGION": "us-east-1"
  }
}

See docs/examples.md for more.

Documentation

How It Works

  1. Replace uvx or npx with run-mcp
  2. Add the original command as the first argument
  3. Use MCP_DATA_DIR or MCP_MOUNT to grant explicit filesystem access

run-mcp auto-detects your container runtime (Docker, Podman) and runs the MCP server in an isolated container. No Docker knowledge required.
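
A review aid for the steps above, added here as an example (not run-mcp's own code): it scans an mcpServers config, reports which entries still launch directly on the host, and lists the host paths each run-mcp entry grants. It assumes MCP_MOUNT holds a single POSIX host:container[:mode] value as in the examples and that MCP_DATA_DIR appears at /data (inferred from the config above); the function names are hypothetical.

```python
import json

RUNNER = "run-mcp"

# Constructed sample, assembled from the configs shown on this page.
SAMPLE = json.loads("""
{"mcpServers": {
  "sqlite-direct": {"command": "uvx",
    "args": ["mcp-server-sqlite", "--db-path", "~/data/mydb.sqlite"]},
  "sqlite": {"command": "run-mcp",
    "args": ["uvx", "mcp-server-sqlite", "--db-path", "/data/mydb.sqlite"],
    "env": {"MCP_DATA_DIR": "~/data"}},
  "docs": {"command": "run-mcp",
    "args": ["npx", "@modelcontextprotocol/server-filesystem", "/docs"],
    "env": {"MCP_MOUNT": "~/Documents:/docs:ro"}}
}}
""")

def grants(entry):
    """Host paths an entry exposes, as (host, container, mode) tuples."""
    env = entry.get("env", {})
    found = []
    if "MCP_DATA_DIR" in env:
        # Assumption: mounted at /data, as the page's example implies; mode not stated.
        found.append((env["MCP_DATA_DIR"], "/data", "unspecified"))
    if "MCP_MOUNT" in env:
        # Assumption: one POSIX mount of the form host:container[:mode].
        parts = env["MCP_MOUNT"].split(":")
        if len(parts) not in (2, 3):
            raise ValueError(f"unexpected MCP_MOUNT value: {env['MCP_MOUNT']!r}")
        mode = parts[2] if len(parts) == 3 else "unspecified"
        found.append((parts[0], parts[1], mode))
    return found

def audit(config):
    """Map each server name to its isolation status and granted host paths."""
    report = {}
    for name, entry in config.get("mcpServers", {}).items():
        isolated = entry.get("command") == RUNNER
        paths = grants(entry) if isolated else []
        report[name] = {
            "isolated": isolated,
            "grants": paths,
            # Review anything on the host, or any grant not explicitly read-only.
            "review": not isolated or any(mode != "ro" for _, _, mode in paths),
        }
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```
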

Requirements

  • A container runtime: Docker, Podman, or compatible
  • That's it

License

MIT
