[ANN] MCPRepl.jl -- share your REPL with your AI Agent

Did you see the security changes in my fork?

Yes I agree one can always add or dev a package from git. But there’s something about it being in the general registry which gives it some additional status and visibility.

I have integrated the Julia language server so it can do that stuff now. These are the tools provided:

lsp_goto_definition

Jump to the definition of a symbol using Julia LSP.

Uses the Julia Language Server to find where a function, type, or variable
is defined in the code…

lsp_code_actions

Get available code actions (quick fixes, refactorings) for a location using Julia LSP.

Uses the Julia Language Server to get available fixes and refa…

lsp_rename

Rename a symbol across the entire workspace using Julia LSP.

Uses the Julia Language Server to safely rename a function, variable, or type
everywhere…

lsp_document_symbols

List all symbols (functions, types, etc.) in a file using Julia LSP.

Uses the Julia Language Server to get a structured list of all symbols
defined i…

lsp_workspace_symbols

Search for symbols across the entire workspace using Julia LSP.

Uses the Julia Language Server to search for functions, types, and other
symbols by n…

lsp_find_references

Find all references to a symbol using Julia LSP.

Uses the Julia Language Server to find where a function, type, or variable
is used throughout the co…

Hey @kahliburke , I had a look at your fork again, it indeed looks very impressive with lots of improvements and added functionality!
I didn’t have the time yet to play around with it, but since it is far more active than my repo, I also put a link to it in the readme.

Did you see the security changes in my fork?

I am no security expert, I can’t comment on the validity of the modifications you did (like api keys), but for sure they are a good addition. I was more talking about the inherent security problems (which essentially come with every agentic AI system): you give some LLM full access to your computer. If the agent feels like evaluating run('rm -rf ~') in the repl it can just do it. I know that claude code tries to impose some restrictions on folder access and so on, all of which are sidestepped by giving the agent access to this mcp. Since those agents populate their context automatically, by reading lots of files, webpages and so on, it might be relatively simple to prompt inject and steer them into doing harmful stuff.

If it’s so dangerous that it has to be kept on a leash, then maybe running it inside a container could be a short to medium term solution. I don’t claim to be an expert on these topics, but to keep things moving, it might be better to focus on the core functionalities that differentiate this solution from similar ones available. It really looks like a potentially great package.

There are multiple dangers here. The one that you have to take on is that you’re giving an AI program access to do things somewhat arbitrarily on your system. Sure, you can grant permission to particular tools but by the time you allow it to run arbitrary code in your repl, I mean, yeah there’s nothing scanning it for something like run(`rm [andthensomebadoptionsandpaths]`) (I’m not even going to type it out since it’s going to get sucked in by some model).

The other side of this though, is that you’re also opening up a port where anything that wants to run those sorts of commands can, it’s an open port with no authentication.

At least it was … that is one of the things I’ve added is a basic API key Bearer token auth, and a nonce system that’s used for callbacks from vscode to the MCP server.

(… and added some very helpful(?) mystical creatures if you run MCPRepl.setup() in your project to get all the configuration generated :wink: :dragon:)

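The two controls mentioned in the post above (a static API key sent as a Bearer token, and single-use nonces for the editor-to-server callbacks) in a small runnable sketch. This is an added illustration, not code from MCPRepl.jl or either fork; the `/mcp` and `/callback` route names, the header and body layout, and the 60-second nonce lifetime are assumptions chosen for the example. It shows the points a reviewer would look for: constant-time comparison of the key, nonces that are random, expire, and cannot be replayed.

```python
"""Added illustration (not MCPRepl.jl code): Bearer-token and single-use nonce
checks for a local MCP-style HTTP endpoint. Route names and message shapes are
assumptions made for the example."""
import hmac
import secrets
import time


class ManualClock:
    """Clock that can be advanced by hand; a real server would pass time.monotonic."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


class EndpointAuth:
    def __init__(self, api_key, nonce_ttl=60.0, clock=time.monotonic):
        # A key shorter than this is guessable; generate one with secrets.token_urlsafe(32).
        if len(api_key) < 32:
            raise ValueError("api key too short")
        self._key = api_key.encode()
        self._ttl = nonce_ttl
        self._clock = clock
        self._nonces = {}  # nonce -> expiry time (clock units)

    def check_bearer(self, headers):
        """True only for 'Authorization: Bearer <key>' with the exact configured key."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "bearer" or not token:
            return False
        # compare_digest runs in time independent of where the strings differ.
        return hmac.compare_digest(token.strip().encode(), self._key)

    def issue_nonce(self):
        """Hand out a fresh random nonce that is valid once, for nonce_ttl seconds."""
        self._purge()
        nonce = secrets.token_urlsafe(24)
        self._nonces[nonce] = self._clock() + self._ttl
        return nonce

    def redeem_nonce(self, nonce):
        """Consume a nonce; a second presentation (replay) or an expired one fails."""
        self._purge()
        return self._nonces.pop(nonce, None) is not None

    def _purge(self):
        now = self._clock()
        for stale in [n for n, exp in self._nonces.items() if exp <= now]:
            del self._nonces[stale]


def handle(auth, path, headers, body):
    """Minimal dispatcher: tool calls need the key, callbacks need a live nonce."""
    if path == "/mcp":
        if not auth.check_bearer(headers):
            return 401, "missing or invalid bearer token"
        return 200, "ok"
    if path == "/callback":
        if not auth.redeem_nonce(body.get("nonce", "")):
            return 403, "unknown, expired or reused nonce"
        return 200, "ok"
    return 404, "not found"


if __name__ == "__main__":
    # Constructed demo key; in practice generate it once and store it with 0600 permissions.
    key = secrets.token_urlsafe(32)
    auth = EndpointAuth(key)
    print(handle(auth, "/mcp", {}, {}))
    print(handle(auth, "/mcp", {"Authorization": "Bearer " + key}, {}))
    n = auth.issue_nonce()
    print(handle(auth, "/callback", {}, {"nonce": n}))
    print(handle(auth, "/callback", {}, {"nonce": n}))  # replay is rejected
```

The token check only helps if the listener is bound to the loopback address and the key never lands in a file the agent itself is allowed to read or print; the nonce store is in-memory and per-process, which is the right scope for callbacks that complete within seconds.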

I think it’s called Auton.jl.


It’s also a very nice package - both appear to be similar in principle to Jules from Colab.