/ 目录 / 演练场 / pctx
← 全部服务器 ↗ GitHub
● 社区 portofcontext ⚡ 即开即用

pctx

作者 portofcontext · portofcontext/pctx

Run MCP tool calls as sandboxed JavaScript — one code block replaces many sequential calls, saving tokens and isolating credentials.

pctx (Port of Context) is an execution layer that converts MCP servers into JS functions callable from inside Deno sandboxes. The LLM writes code that composes many tool calls at once; pctx runs it with no filesystem/env access and network allowlisting. Credentials stay at the pctx layer — the LLM never sees them.

▶ 观看演示 📦 安装 💡 使用场景

为什么要用

核心特性

实时演示

实际使用效果

pctx.replay ▶ 就绪
0/0

安装

选择你的客户端

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

打开 Claude Desktop → Settings → Developer → Edit Config。保存后重启应用。

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

Cursor 使用与 Claude Desktop 相同的 mcpServers 格式。项目级配置优先于全局。

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

点击 Cline 侧栏中的 MCP Servers 图标,然后选 "Edit Configuration"。

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

格式与 Claude Desktop 相同。重启 Windsurf 生效。

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "pctx",
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ]
    }
  ]
}

Continue 使用服务器对象数组,而非映射。

~/.config/zed/settings.json
{
  "context_servers": {
    "pctx": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/portofcontext/pctx"
        ]
      }
    }
  }
}

加入 context_servers。Zed 保存后热重载。

claude mcp add pctx -- TODO 'See README: https://github.com/portofcontext/pctx'

一行命令搞定。用 claude mcp list 验证,claude mcp remove 卸载。

使用场景

实战用法: pctx

Run a chain of 20 tool calls as one code block

👤 Agent builders whose token bills spike on long sequential flows ⏱ ~20 min advanced

何时使用: A task needs many tool calls (fetch N issues, enrich each, post summary).

前置条件
  • pctx installed and configured — brew install portofcontext/tap/pctx; pctx config add <upstream-mcp>
步骤
  1. Register upstreams with credentials
    pctx config add github --env GITHUB_TOKEN=... and add sentry --env SENTRY_TOKEN=....✓ 已复制
    → Upstreams listed
  2. Ask agent to write Code Mode
    In pctx Code Mode, write a function that fetches the 10 newest Sentry issues, for each finds the releasing commit via github, and returns a summary array.✓ 已复制
    → Code block + single execution result
  3. Inspect the result
    Summarize the array in English and flag any issue whose releasing commit was by a specific author.✓ 已复制
    → Final answer grounded in the data

结果: 10x fewer tool-call round-trips, major token savings, same result.

注意事项
  • Sandboxed code errors are opaque if you don't surface stderr — Wrap the code in try/catch and print caught errors so the LLM can self-correct
  • Network allowlist too tight — legitimate calls blocked — Start broad, narrow based on actual host usage from logs
搭配使用: github · sentry

Isolate credentials from the LLM

👤 Security-conscious teams adopting MCPs ⏱ ~15 min intermediate

何时使用: Your threat model says 'LLM must never see the token in any form'.

步骤
  1. Store creds in pctx
    Add a keychain-backed credential to pctx for github.✓ 已复制
    → Credential stored, not visible to callers
  2. Verify from the other side
    Ask the LLM to 'print the GitHub token' — confirm it cannot.✓ 已复制
    → LLM has no way to access the secret

结果: A reproducible answer to 'can the LLM exfiltrate our tokens?' — no.

Aggregate many MCPs into one sandboxed code interface

👤 Teams wanting a single safe surface ⏱ ~25 min advanced

何时使用: You want Code Mode semantics across github, postgres, filesystem in one place.

步骤
  1. Register each
    Add github, postgres (read-only), and filesystem (scoped to /data) to pctx.✓ 已复制
    → All three callable from code
  2. Write a cross-MCP job
    Write pctx code that reads a SQL query result and writes CSV to /data/out.csv, then creates a GitHub gist with that CSV.✓ 已复制
    → Single execution, three upstreams used

结果: A unified, sandboxed execution plane for mixed-upstream workflows.

搭配使用: github · postgres · filesystem

组合

与其他 MCP 搭配,撬动十倍杠杆

pctx + github + sentry

Cross-reference Sentry issues with GitHub commits in one sandboxed code block

Via pctx Code Mode: for every new Sentry issue, find the GitHub commit that introduced it and return a table.✓ 已复制
pctx + postgres

Query + transform + export in one sandbox

pctx code that runs a Postgres read, pivots the result in JS, and writes /data/report.json.✓ 已复制

工具

此 MCP 暴露的能力

工具输入参数何时调用成本
execute_code code: str (JavaScript, access to injected MCP SDK) Anytime the task needs >2 tool calls that compose upstream tool calls inside the code
list_upstream_tools (none) Agent discovery — what's available to call from code free

成本与限制

运行它的成本

API 配额
No pctx quota; upstream calls inside code incur their own
每次调用 Token 数
Code Mode is far cheaper token-wise than many sequential tool calls
费用
Free, open source
提示
For tasks over 5 tool calls, Code Mode typically saves 50%+ tokens vs sequential calling.

安全

权限、密钥、影响范围

凭据存储: Env vars, OS keychain, or external command — LLM never sees credentials
数据出站: Only to hosts explicitly allowlisted per upstream
切勿授予: Allowlist the open internet in the sandbox — pin to specific hosts

故障排查

常见错误与修复

Network denied in sandbox

Add the host to the upstream's allowlist in pctx config.

验证: pctx config show
Credential not injected

Credential name mismatch; pctx logs the resolved key on startup.

验证: pctx run --debug
Code Mode returns a vague 'sandbox violation'

Enable verbose logs; most violations are env or FS access attempts the LLM shouldn't make.

验证: pctx logs --tail

替代方案

pctx 对比其他方案

替代方案何时用它替代权衡
proxy-2 / 1mcp-agentYou want aggregation but not Code Mode / sandboxingLLM calls each tool separately; can see whatever the MCP returns
Bare execution via shell MCPYou want code execution but don't need MCP proxyingNo credential isolation, no allowlist

更多

资源

📖 阅读 GitHub 上的官方 README

🐙 查看未解决的 issue

🔍 浏览全部 400+ MCP 服务器和 Skills