SymPy sandbox MCP server based on FastMCP
Reason this release was yanked:
mistake
Project description
SymPy Sandbox MCP
English | 中文版
A production-focused MCP service that lets agents/LLMs run SymPy safely and efficiently. It combines AST policy checks, runtime resource limits, and prewarmed workers to deliver low-noise, parse-friendly results.
Features
- Single tool:
sympy(input only requirescode) - Prewarmed worker pool to avoid repeated
import sympy - Two-layer safety: AST guard + runtime resource limits
- Compact structured JSON output for low token overhead
- Standardized error codes for reliable auto-retry workflows
Typical Use Cases
- Symbolic algebra, differentiation, integration, equation solving
- MCP tool integration for Codex / Cursor / Claude Desktop / custom MCP clients
- Agent workflows that need controllable failures and clean error signals
Recommended Integration (MCP client via stdio)
Call example:
fastmcp call \
--command 'python -m sym_mcp.server' \
--target sympy \
--input-json '{"code":"import sympy as sp\\nx=sp.Symbol(\"x\")\\nprint(sp.factor(x**2-1))"}'
Client config (python -m, recommended):
{
"mcpServers": {
"sympy-sandbox": {
"command": "python",
"args": ["-m", "sym_mcp.server"]
}
}
}
Client config (installed as sym-mcp):
{
"mcpServers": {
"sympy-sandbox": {
"command": "sym-mcp",
"args": []
}
}
}
Client config (uvx):
{
"mcpServers": {
"sympy-sandbox": {
"command": "uvx",
"args": ["sym-mcp"]
}
}
}
Quick Start
1) Requirements
- Python 3.11+
- Linux / macOS (Linux recommended for production)
2) Install (Tsinghua mirror first)
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -e .
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -e ".[dev]"
3) Run server (stdio)
python -m sym_mcp.server
4) Verify tool
fastmcp list --command 'python -m sym_mcp.server'
Tool Contract
Tool name
sympy
Input
code: str
Notes:
- You must
print()final outputs. - If nothing is printed,
outmay be empty.
Output (always compact JSON string)
Success:
{"out":"x**2/2"}
Failure:
{"code":"E_RUNTIME","line":3,"err":"ZeroDivisionError: division by zero","hint":"Runtime error. Check variable types, division-by-zero, or undefined names near the reported line."}
Field definitions:
out: stdout text on successcode: error codeline: user code error line, ornullerr: compact error message (traceback noise removed)hint: fix hint (based on configured hint level)- If
out/err/hintis too long, it will be truncated with...[truncated]
Error Codes
E_AST_BLOCK: blocked by AST safety policyE_SYNTAX: syntax errorE_TIMEOUT: timeoutE_MEMORY: memory limit triggeredE_RUNTIME: general runtime errorE_WORKER: worker communication/state failureE_INTERNAL: internal server error
Recommended Agent Prompt Rules
- Use math-only Python code.
- Only import
sympyormath. - Always
print()final answers. - For multiple outputs, use multiple
print()lines. - On failure, patch minimally near
lineand retry. - For
E_TIMEOUT, reduce scale first; forE_MEMORY, reduce object size/dimension; forE_AST_BLOCK, remove unsafe statements.
Example:
import sympy as sp
x = sp.Symbol("x")
expr = (x + 1)**5
print(sp.expand(expr))
Security Model
Before execution (AST policy)
- Only
sympy/mathimports are allowed - Dangerous capabilities are blocked (
eval,exec,open,__import__, etc.) - Dunder attribute traversal is blocked (e.g.
__class__)
During execution (OS resource limits)
- Per-task CPU time limit + timeout kill
- Per-worker memory limit via
setrlimit - Worker auto-rebuild on failure to keep server healthy
Architecture
src/sym_mcp/server.py: MCP entrypoint and tool registrationsrc/sym_mcp/security/ast_guard.py: AST validationsrc/sym_mcp/executor/worker_main.py: worker loopsrc/sym_mcp/executor/pool.py: async prewarmed process poolsrc/sym_mcp/executor/sandbox.py: restricted execution and stdout capturesrc/sym_mcp/errors/parser.py: error normalization and code mappingsrc/sym_mcp/config.py: runtime configuration
Configuration (Environment Variables)
SYMMCP_POOL_SIZE: worker pool size, default10SYMMCP_EXEC_TIMEOUT_SEC: per execution timeout (sec), default3SYMMCP_MEMORY_LIMIT_MB: memory cap per worker (MB), default150SYMMCP_QUEUE_WAIT_SEC: queue wait timeout (sec), default2SYMMCP_LOG_LEVEL: log level, defaultINFOSYMMCP_MAX_OUTPUT_CHARS: output truncation threshold, default1200SYMMCP_HINT_LEVEL: hint level (none/short/medium), defaultmedium
FAQ
Why is out empty?
Most likely the code does not print() the final result.
Why return compact JSON string?
It is easier for agents to parse reliably and reduces token cost.
Is memory limiting always stable on macOS?
setrlimit behavior differs by OS. Linux is preferred for production.
Does it support HTTP/SSE?
Current primary delivery is stdio. HTTP/SSE can be added later via FastMCP transport extensions.
Known Limits
- This is restricted Python execution, not VM/container-grade isolation
- Memory limit behavior is OS-dependent
- Output is truncated at threshold, with
...[truncated]suffix
Development
Run tests
PYTHONPATH=src pytest -q
Benchmark
PYTHONPATH=src python scripts/benchmark.py --concurrency 100 --total 500
Contributing
- Run
PYTHONPATH=src pytest -qbefore submitting PRs - When adding new capabilities, update:
- error code docs
- README examples
- related unit/integration tests
- Publishing process: PUBLISHING.md
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sym_mcp-0.0.0.post1.dev3.tar.gz.
File metadata
- Download URL: sym_mcp-0.0.0.post1.dev3.tar.gz
- Upload date:
- Size: 25.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0278cf8888ef853f59a5d54b2afcc70a5d19134cb254846a08816ab5e31dcc8a
|
|
| MD5 |
eeab615a1c4110c7072f37992a9c5dca
|
|
| BLAKE2b-256 |
53ef18059190b0719edb522751325c85ccb778290d2288ace395815041c8a654
|
Provenance
The following attestation bundles were made for sym_mcp-0.0.0.post1.dev3.tar.gz:
Publisher:
pypi-publish.yml on Eis4TY/Sym-MCP
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sym_mcp-0.0.0.post1.dev3.tar.gz -
Subject digest:
0278cf8888ef853f59a5d54b2afcc70a5d19134cb254846a08816ab5e31dcc8a - Sigstore transparency entry: 1008324139
- Sigstore integration time:
-
Permalink:
Eis4TY/Sym-MCP@2871bf711eac4e666a0e068792f9fd2fde96648b -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Eis4TY
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@2871bf711eac4e666a0e068792f9fd2fde96648b -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file sym_mcp-0.0.0.post1.dev3-py3-none-any.whl.
File metadata
- Download URL: sym_mcp-0.0.0.post1.dev3-py3-none-any.whl
- Upload date:
- Size: 16.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9a9fe2d2503ca37c076edf234db9a9bcfe47050dea87016698cd6c04121bb514
|
|
| MD5 |
39cb3fd2ca33822d8ae5573622992935
|
|
| BLAKE2b-256 |
c2f7759bbbe95a9456072a6ef5968a7a6c7bb44308d3e029e3bce259ab2e8094
|
Provenance
The following attestation bundles were made for sym_mcp-0.0.0.post1.dev3-py3-none-any.whl:
Publisher:
pypi-publish.yml on Eis4TY/Sym-MCP
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sym_mcp-0.0.0.post1.dev3-py3-none-any.whl -
Subject digest:
9a9fe2d2503ca37c076edf234db9a9bcfe47050dea87016698cd6c04121bb514 - Sigstore transparency entry: 1008324142
- Sigstore integration time:
-
Permalink:
Eis4TY/Sym-MCP@2871bf711eac4e666a0e068792f9fd2fde96648b -
Branch / Tag:
refs/heads/main - Owner: https://github.com/Eis4TY
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@2871bf711eac4e666a0e068792f9fd2fde96648b -
Trigger Event:
workflow_dispatch
-
Statement type: