execboxPortable code execution for MCP tools

Turn host tool catalogs into callable code, add defense-in-depth controls around guest execution, and choose the boundary that fits your deployment.

Code-first tool use

Let agents write code against typed tool namespaces instead of serializing every intermediate step back through tool calls.

Start with in-process QuickJS, move to worker threads or child processes, or push execution behind your own remote transport.

Wrap upstream MCP tools into guest namespaces and expose execbox execution back out as MCP tools for downstream clients.

Execbox is a Node.js library for running guest JavaScript against host-defined tools and wrapped MCP servers. It separates:

That split gives you one execution contract across QuickJS, worker-thread, child-process, remote, and isolated-vm backends.

Backend	Package	Start here when
In-process QuickJS	`@execbox/quickjs`	You want the easiest install and the default development path.
Worker-backed QuickJS	`@execbox/worker`	You want the runtime off the main thread with pooled worker reuse.
Process-backed QuickJS	`@execbox/process`	You want a stronger lifecycle boundary and hard-kill timeout behavior.
Remote transport	`@execbox/remote`	You already own the transport/runtime boundary and want execbox to plug into it.
isolated-vm	`@execbox/isolated-vm`	You explicitly want `isolated-vm` and can support its native/runtime constraints.

Execbox provides defense-in-depth controls around guest code execution:

It provides fresh runtimes, JSON-only boundaries, schema validation, bounded logs, and execution limits.
Hard isolation depends on the executor and deployment boundary you choose.
The provider/tool surface is the capability boundary.

Read Security before deciding which executor to use in production.