Three pieces, working together: a runtime image that bundles a Go toolchain and a tiny HTTP server inside a gVisor-isolated pod, a Go library (pkg/goruntime) that ships source files and shell commands into it, and an MCP server (cmd/mcp-server) that exposes one run_go_code tool to any MCP client — Claude Code, Gemini CLI, Cursor.
Real isolation
Runs Go programs inside a Kubernetes Agent Sandbox, gVisor by default on GKE. The agent writes the code; gVisor's user-space kernel (the Sentry) services the program's system calls, so agent-written code never calls into the host kernel directly. Note what that does and does not cover: gVisor bounds the program's reach into the node, while what the pod can reach across the cluster over the network and through its service account is governed by NetworkPolicy and RBAC, so treat the sandbox pod as an untrusted workload there as well.
State persists across calls
The MCP server holds one sandbox per MCP session and routes every call in that session to it: files written in call N are still there in call N+1, the Go build cache stays warm, and binaries built earlier remain executable. An iterating agent therefore pays sub-second latency per call rather than a fresh pod and a cold build cache each time. State lives in the session's sandbox, not in the MCP server, so it comes and goes with that sandbox.
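One way to realise the one-sandbox-per-session rule, as an added example in Go that is not code from pkg/goruntime or cmd/mcp-server: the Sandbox interface, the in-memory fakeSandbox standing in for a gVisor pod, and the Pool type are all assumptions made for this illustration. It shows the two properties the paragraph above relies on, state surviving between calls of one session and never crossing into another session, plus the idle reaping a long-running server needs so abandoned sessions do not keep pods alive.

```go
// Added example (not pkg/goruntime or cmd/mcp-server code): one sandbox per
// MCP session with idle reaping. Sandbox, fakeSandbox and Pool are assumed.
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Sandbox is what the pool needs from a backend; the real one would wrap a gVisor pod.
type Sandbox interface {
	WriteFile(path string, data []byte) error
	ReadFile(path string) ([]byte, error)
	Close() error
}

// fakeSandbox keeps files in memory so the example runs offline.
type fakeSandbox struct {
	files  map[string][]byte
	closed bool
}
func newFakeSandbox() (Sandbox, error) { return &fakeSandbox{files: map[string][]byte{}}, nil }

func (f *fakeSandbox) WriteFile(path string, data []byte) error {
	f.files[path] = append([]byte(nil), data...)
	return nil
}

func (f *fakeSandbox) ReadFile(path string) ([]byte, error) {
	if data, ok := f.files[path]; ok && !f.closed {
		return append([]byte(nil), data...), nil
	}
	return nil, fmt.Errorf("%s: no such file", path)
}
func (f *fakeSandbox) Close() error { f.closed = true; return nil }

type entry struct {
	sb       Sandbox
	lastUsed time.Time
}

// Pool maps MCP session IDs to sandboxes: one per session, never shared.
type Pool struct {
	mu      sync.Mutex
	newFn   func() (Sandbox, error)
	idle    time.Duration
	entries map[string]*entry
}

func NewPool(newFn func() (Sandbox, error), idle time.Duration) *Pool {
	return &Pool{newFn: newFn, idle: idle, entries: map[string]*entry{}}
}

// Get returns the session's sandbox, creating it on first use; an empty
// session ID is rejected rather than silently mapped to a shared sandbox.
func (p *Pool) Get(session string) (Sandbox, error) {
	if session == "" {
		return nil, errors.New("empty session id")
	}
	p.mu.Lock()
	defer p.mu.Unlock()
	if e, ok := p.entries[session]; ok {
		e.lastUsed = time.Now()
		return e.sb, nil
	}
	sb, err := p.newFn()
	if err != nil {
		return nil, err
	}
	p.entries[session] = &entry{sb: sb, lastUsed: time.Now()}
	return sb, nil
}

// Reap closes sandboxes idle longer than the limit and returns how many it
// closed; run it periodically so abandoned sessions do not keep pods alive.
func (p *Pool) Reap(now time.Time) int {
	p.mu.Lock()
	defer p.mu.Unlock()
	n := 0
	for id, e := range p.entries {
		if now.Sub(e.lastUsed) > p.idle {
			_ = e.sb.Close()
			delete(p.entries, id)
			n++
		}
	}
	return n
}

func main() {
	pool := NewPool(newFakeSandbox, 10*time.Minute)
	a, _ := pool.Get("session-a")
	_ = a.WriteFile("main.go", []byte("package main"))
	again, _ := pool.Get("session-a") // call N+1 reuses the same sandbox
	data, _ := again.ReadFile("main.go")
	b, _ := pool.Get("session-b") // another session gets its own sandbox
	_, err := b.ReadFile("main.go")
	fmt.Printf("session-a sees %q; session-b: %v\n", data, err)
}
```

The session ID is the only thing separating one agent's files from another's, so the pool refuses an empty ID instead of letting every caller without one collapse onto a shared sandbox; with a real pod backend the `newFn` argument is where the Agent Sandbox pod (with its gVisor runtime class) would be created.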
One tool, two clients
Single run_go_code MCP tool. Ready-made config samples for Claude Code (.mcp.json) and Gemini CLI (.gemini/settings.json) ship in the repo — copy, edit the path, restart the client.
Status
Proof of concept, validated end-to-end on:
- kind 0.31 + Kubernetes 1.34: no sandbox runtime, so the pod runs as an ordinary container. Useful for local development; do not rely on it to contain untrusted agent code.
- GKE Autopilot 1.36.0-gke.1759000: agent-sandbox addon enabled; gVisor confirmed active, the running sandbox pod carrying runtimeClassName=gvisor.
The MCP server has been driven by Claude Code against a real GKE cluster: the model iterates, builds, runs, and gets compile errors surfaced back to it. See the GKE install guide for the deployment recipe.