devcontainer-mcp: Give AI Agents Their Own Dev Environment, Not Yours

devcontainer-mcp is an MCP server that lets AI coding agents (Copilot, Claude, Cursor, any MCP client) create, manage, and work inside dev containers across three backends: local Docker, DevPod, and GitHub Codespaces. The agent builds, tests, and ships code in an isolated container — your laptop stays clean.

The Problem

When AI agents write code, they run it on your host machine, causing:

• Host contamination — agents install packages, modify PATH, leave build artifacts
• "Works on my machine" — agents assume your local toolchain matches production
• No isolation — one project's dependencies break another
• Security risk — agents run arbitrary commands with your user privileges
• Hardware constraints — you're limited to your local machine's resources

The Solution

The devcontainer spec already defines reproducible, container-based dev environments. devcontainer-mcp exposes 45 MCP tools (across auth, devcontainer CLI, DevPod, and Codespaces backends) that let any AI agent:

• Spin up a dev container from any repo — locally, on a cloud VM, or in Codespaces
• Run commands inside the container — builds, tests, linting, anything
• Manage the lifecycle — stop, restart, delete when done
• Authenticate against cloud providers (GitHub, AWS, Azure, GCP) without ever seeing a raw token

Quick Install

Linux / macOS:

curl -fsSL https://raw.githubusercontent.com/aniongithub/devcontainer-mcp/main/install.sh | bash

Windows (via WSL):

Invoke-RestMethod https://github.com/aniongithub/devcontainer-mcp/releases/latest/download/install.ps1 | Invoke-Expression

The binary runs inside WSL; MCP clients on Windows launch it via wsl ~/.local/bin/devcontainer-mcp serve. WSL 2 is required.

Backend CLIs (devpod, devcontainer, gh) are detected at runtime — if one is missing, the MCP server returns a helpful error with install instructions. Binaries available for linux-x64, linux-arm64, darwin-x64, darwin-arm64.

Three Backends, One Interface

Auth Broker

The agent never sees raw tokens. Instead:

• auth_status(provider) — list available accounts and scopes
• auth_login(provider, scopes?) — initiate login, opens browser, handles device codes
• auth_select(id) — switch the active account
• auth_logout(id) — revoke credentials

Supported providers: GitHub, AWS, Azure, GCP, Kubernetes. Codespaces tools require an auth handle (e.g. github-aniongithub); the MCP server resolves it to the real token on each call via the CLI's native keyring.

Example Workflow

Agent: "Let me build this project..."

1. auth_status("github") → picks account
2. codespaces_create(auth: "github-you", repo: "your/repo")
3. codespaces_ssh(auth: "github-you", codespace: "...", command: "cargo build")
4. ✅ Built in the cloud. Your laptop did nothing.