This is still very much an experiment, but it’s been working well for my workflows where I want the AI to have access to a full Julia environment without giving it access to my local network or filesystem, so I thought I’d share in case others are interested!
The server is written in TypeScript/Node.js and manages a pair of Docker containers to keep the host system safe (no guarantees!). High-level overview:
- The Sandbox: A persistent execution container that is completely network-isolated (`--network none`). This is where the Julia REPL lives.
- The Installer: An ephemeral sidecar container that does have network access. It is used exclusively for `Pkg.add()` and shares a `julia-depot` volume with the sandbox so new packages are available immediately.
- Stateful Sessions: Variables and modules persist across tool calls within a session.
- File Output: Plots and data files saved to a specific scratch directory in the container are automatically mapped to a host folder for easy access by the user.
- Precompiled Stack: I’ve pre-baked a few of my favorite packages (e.g., `DataFrames`, `JuMP`, `CairoMakie`) into the image to minimize startup latency.
Let me know what you think!
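
The sandbox/installer split described above, sketched as an added example (not the project's own code): it builds the `docker` argument vectors for both containers and validates package names before they reach the networked installer. The image tag, container name, mount paths and function names are assumptions; only `--network none`, `Pkg.add()` and the `julia-depot` volume come from the post.

```typescript
// Added example: illustrative names, not the project's actual implementation.
const DEPOT_VOLUME = "julia-depot";     // volume name from the post
const DEPOT_PATH = "/depot";            // assumed mount point inside both containers
const IMAGE = "julia-sandbox:example";  // hypothetical image tag

// Allow only identifier-like package names so model-supplied text can never
// break out of the string literal in the Julia snippet built below.
const PKG_NAME = /^[A-Za-z][A-Za-z0-9_]{0,63}$/;

function validatePackages(names: string[]): string[] {
  if (names.length === 0) throw new Error("no packages requested");
  for (const n of names) {
    if (!PKG_NAME.test(n)) throw new Error(`rejected package name: ${JSON.stringify(n)}`);
  }
  return names;
}

// Persistent REPL container: runs untrusted code, so it gets no network.
// It is the only container that sees the host-mapped scratch directory.
function sandboxArgs(hostScratch: string): string[] {
  return [
    "run", "-d", "--name", "julia-sandbox",
    "--network", "none",
    "-e", `JULIA_DEPOT_PATH=${DEPOT_PATH}`,
    "-v", `${DEPOT_VOLUME}:${DEPOT_PATH}`,
    "-v", `${hostScratch}:/scratch`,
    IMAGE, // assumes the image's default command starts the REPL process
  ];
}

// Ephemeral installer: has network access, but only ever runs a fixed
// Pkg.add() call over validated names, and mounts nothing from the host.
function installerArgs(packages: string[]): string[] {
  const list = validatePackages(packages).map((p) => `"${p}"`).join(", ");
  return [
    "run", "--rm",
    "-e", `JULIA_DEPOT_PATH=${DEPOT_PATH}`,
    "-v", `${DEPOT_VOLUME}:${DEPOT_PATH}`,
    IMAGE, "julia", "-e", `using Pkg; Pkg.add([${list}])`,
  ];
}
```

Passing these arrays to a process-spawning call that takes an argument vector, rather than joining them into a shell string, keeps the package list out of shell parsing as well.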