
pctx

by portofcontext · portofcontext/pctx

Run MCP tool calls as sandboxed JavaScript — one code block replaces many sequential calls, saving tokens and isolating credentials.

pctx (Port of Context) is an execution layer that converts MCP servers into JS functions callable from inside Deno sandboxes. The LLM writes code that composes many tool calls at once; pctx runs it with no filesystem/env access and network allowlisting. Credentials stay at the pctx layer — the LLM never sees them.

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "pctx": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "pctx",
      "command": "TODO",
      "args": [
        "See README: https://github.com/portofcontext/pctx"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "pctx": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/portofcontext/pctx"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add pctx -- TODO 'See README: https://github.com/portofcontext/pctx'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use pctx

Run a chain of 20 tool calls as one code block

👤 Agent builders whose token bills spike on long sequential flows ⏱ ~20 min advanced

When to use: A task needs many tool calls (fetch N issues, enrich each, post summary).

Prerequisites
  • pctx installed and configured — brew install portofcontext/tap/pctx; pctx config add <upstream-mcp>
Flow
  1. Register upstreams with credentials
    pctx config add github --env GITHUB_TOKEN=... and add sentry --env SENTRY_TOKEN=....
    → Upstreams listed
  2. Ask agent to write Code Mode
    In pctx Code Mode, write a function that fetches the 10 newest Sentry issues, for each finds the releasing commit via github, and returns a summary array.
    → Code block + single execution result
  3. Inspect the result
    Summarize the array in English and flag any issue whose releasing commit was by a specific author.
    → Final answer grounded in the data

Outcome: 10x fewer tool-call round-trips, major token savings, same result.

Pitfalls
  • Sandboxed code errors are opaque if you don't surface stderr. Fix: wrap the code in try/catch and print caught errors so the LLM can self-correct.
  • Network allowlist too tight, so legitimate calls are blocked. Fix: start broad, then narrow based on actual host usage from logs.
Combine with: github · sentry

Isolate credentials from the LLM

👤 Security-conscious teams adopting MCPs ⏱ ~15 min intermediate

When to use: Your threat model says 'LLM must never see the token in any form'.

Flow
  1. Store creds in pctx
    Add a keychain-backed credential to pctx for github.
    → Credential stored, not visible to callers
  2. Verify from the other side
    Ask the LLM to 'print the GitHub token' — confirm it cannot.
    → LLM has no way to access the secret

Outcome: A reproducible answer to 'can the LLM exfiltrate our tokens?' — no.

Aggregate many MCPs into one sandboxed code interface

👤 Teams wanting a single safe surface ⏱ ~25 min advanced

When to use: You want Code Mode semantics across github, postgres, filesystem in one place.

Flow
  1. Register each
    Add github, postgres (read-only), and filesystem (scoped to /data) to pctx.
    → All three callable from code
  2. Write a cross-MCP job
    Write pctx code that reads a SQL query result and writes CSV to /data/out.csv, then creates a GitHub gist with that CSV.
    → Single execution, three upstreams used

Outcome: A unified, sandboxed execution plane for mixed-upstream workflows.

Combine with: github · postgres · filesystem

Combinations

Pair with other MCPs for 10x leverage

pctx + github + sentry

Cross-reference Sentry issues with GitHub commits in one sandboxed code block

Via pctx Code Mode: for every new Sentry issue, find the GitHub commit that introduced it and return a table.

pctx + postgres

Query + transform + export in one sandbox

pctx code that runs a Postgres read, pivots the result in JS, and writes /data/report.json.

Tools

What this MCP exposes

Tool | Inputs | When to call | Cost
execute_code | code: str (JavaScript, access to injected MCP SDK) | Anytime the task needs >2 tool calls that compose | upstream tool calls inside the code
list_upstream_tools | (none) | Agent discovery — what's available to call from code | free

Cost & Limits

What this costs to run

API quota: No pctx quota; upstream calls inside code incur their own
Tokens per call: Code Mode is far cheaper token-wise than many sequential tool calls
Monetary: Free, open source
Tip: For tasks over 5 tool calls, Code Mode typically saves 50%+ tokens vs sequential calling.

Security

Permissions, secrets, blast radius

Credential storage: Env vars, OS keychain, or external command — LLM never sees credentials
Data egress: Only to hosts explicitly allowlisted per upstream
Never grant: An allowlist that covers the open internet in the sandbox; pin to specific hosts instead

Troubleshooting

Common errors and fixes

Network denied in sandbox

Add the host to the upstream's allowlist in pctx config.

Verify: pctx config show

Credential not injected

Credential name mismatch; pctx logs the resolved key on startup.

Verify: pctx run --debug

Code Mode returns a vague 'sandbox violation'

Enable verbose logs; most violations are env or FS access attempts the LLM shouldn't make.

Verify: pctx logs --tail

Alternatives

pctx vs others

Alternative | When to use it instead | Tradeoff
proxy-2 / 1mcp-agent | You want aggregation but not Code Mode / sandboxing | LLM calls each tool separately; can see whatever the MCP returns
Bare execution via shell MCP | You want code execution but don't need MCP proxying | No credential isolation, no allowlist
