Did you see the security changes in my fork?
Yes I agree one can always add or dev a package from git. But there’s something about it being in the general registry which gives it some additional status and visibility.
I have integrated the Julia language server so it can do that stuff now. These are the tools provided:
lsp_goto_definition
Jump to the definition of a symbol using Julia LSP.
Uses the Julia Language Server to find where a function, type, or variable
is defined in the code…
lsp_code_actions
Get available code actions (quick fixes, refactorings) for a location using Julia LSP.
Uses the Julia Language Server to get available fixes and refa…
lsp_rename
Rename a symbol across the entire workspace using Julia LSP.
Uses the Julia Language Server to safely rename a function, variable, or type
everywhere…
lsp_document_symbols
List all symbols (functions, types, etc.) in a file using Julia LSP.
Uses the Julia Language Server to get a structured list of all symbols
defined i…
lsp_workspace_symbols
Search for symbols across the entire workspace using Julia LSP.
Uses the Julia Language Server to search for functions, types, and other
symbols by n…
lsp_find_references
Find all references to a symbol using Julia LSP.
Uses the Julia Language Server to find where a function, type, or variable
is used throughout the co…
Hey @kahliburke , I had a look at your fork again, it indeed looks very impressive with lots of improvements and added functionality!
I didn’t have the time yet to play around with it, but since it is far more active than my repo, I also put a link to it in the readme.
Did you see the security changes in my fork?
I am no security expert, I can’t comment on the validity of the modifications you did (like api keys), but for sure they are a good addition. I was more talking about the inherent security problems (which essentially come with every agentic AI system): you give some LLM full access to your computer. If the agent feels like evaluating run('rm -rf ~') in the repl it can just do it. I know that claude code tries to impose some restrictions on folder access and so on, all of which are sidestepped by giving the agent access to this mcp. Since those agents pupulate their context automaticially, by readimg lots of files, webpages and so on, it might be relatively simple to prompt inject and steer them into doing harmful stuff.
If it’s so dangerous that it has to be kept on a leash, then maybe running it inside a container could be a short to medium term solution. I don’t claim to be an expert on these topics, but to keep things moving, it might be better to focus on the core functionalities that differentiate this solution from similar ones available. It really looks like a potentially great package.
There are multiple dangers here. The one that you have to take on is that you’re giving an AI program access to do things somewhat arbitrarily on your system. Sure, you can grant permission to particular tools but by the time you allow it to run arbitrary code in your repl, I mean, yeah there’s nothing scanning it for something like run(`rm [andthensomebadoptionsandpaths]`) (I’m not even going to type it out since it’s going to get sucked in my some model).
The other side of this though, is that you’re also opening up a port where anything that wants to run those sorts of commands can, it’s an open port with no authentication.
At least it was … that is one of the things I’ve added is a basic API key Bearer token auth, and a nonce system that’s used for callbacks from vscode to the MCP server.
(… and added some very helpful(?) mystical creatures if you run MCPRepl.setup() in your project to get all the configuration generated 
)
5 Likes
I think its called Auton.jl.
1 Like
It’s also a very nice package - both appear to be similar in principle to Jules from Colab.
Do you maybe know when we can expect a new release of your fork? Because I have some problems on the main branch and there’s feature branches with lots of commits so might very well be fixed there. Thanks for your work!
Try the feature branch. Yes I do intend to get everything merged in soon. It’s definitely WIP and feel free to submit bug reports.
For more simplicity try feature/standalone-mode-dashboard. It builds on the dashboard functionality which was intended to provide a proxy server which a bunch of Julia sessions could connect to at once. It’s mainly working, but there are still some issues to iron out which is why I haven’t updated the main branch. But if you are feeling adventurous go for it.
1 Like
So ultimately I’ve taken a different path – with the kernel option, it was too hard to get feedback, so I set up Claude to be able to read/write to the terminal directly. Specifically, I use Zellij with two panes (Claude on the left, Julia on the right) and a simple script send-julia that lets the Claude pane write to the REPL, along with another
#!/bin/bash
tmpfile=$(mktemp)
cat > "$tmpfile"
code=$(cat "$tmpfile")
zellij action focus-next-pane && zellij action write-chars -- "$code" && zellij action write 13 && zellij action focus-previous-pane
rm "$tmpfile"
and another script for reading:
#!/bin/bash
lines=${1:-20}
zellij action focus-next-pane && zellij action dump-screen /tmp/julia_pane_output.txt && zellij action focus-previous-pane && tail -n "$lines" /tmp/julia_pane_output.txt
This simple approach has worked reasonably well for me, though it’s fairly limited.
You should come check it out again soon, I’ve been working on a lot of functionality which has proven to be powerful for me so far and there will be more coming soon.
Some things that already exist in the feature branch include support for semantic/vector indexing and search (with Ollama and Qdrant), support for the latest MCP protocol version, optimized tool help and usage instructions to nudge agents to use the tools in the best way, token use optimizations, auto resume of MCP sessions when the REPL is restarted. The proxy version under development sets sights on some further out goals of many-to-many agent/Julia session support and agent-to-agent communication and well as more seamless REPL restart experience, hooks so your project can easily add its own specialized MCP tools, etc.
1 Like