Add file persistence

[BrokenDuck]

Closes #17

Why?

Making pyodide able to persist files would allow a lot of new workflows such as image manipulation or dataframe manipulation. A large file can be uploaded to the MCP server and manipulated in python. The file can later be downloaded.

What?

Add a new CLI option, --mount-fs, activates the persistence.

New MCP tools:

• upload_file: Copy request content to the file in the persistence storage.
• upload_file_from_uri: URI content will be copied to a file in the persistent storage. Any URI supported by fetch is supported.
• retrieve_file: Retrieve file from its filename. Following MCP protocol, a resource link is returned.
• delete_file: Delete a file from the persistence storage.

New MCP Resource:

• Any file uploaded to the MCP server appears as a resource which can be retrieved. A text resource is returned for common file types, otherwise a base 64 blob is returned.

How?

We mount a NODEFS emscripten file system in a temporary directory of the local file system during the run of the MCP Server. Therefore, Deno requires access to the temporary directory.

[DouweM]

@BrokenDuck Sorry for the delay in getting to this!

Letting the model write code that reads and write files makes sense, but I'm not sure about the new MCP tools. Does the LLM need to be able to directly upload/retrieve/delete files, without going through code?

In #22 we're going to let the run_python tool return files by having the code write them to a special directory, so that the LLM (and user) can see the results. Would that be sufficient?

[Kigstn]

@BrokenDuck Sorry for the delay in getting to this!

Letting the model write code that reads and write files makes sense, but I'm not sure about the new MCP tools. Does the LLM need to be able to directly upload/retrieve/delete files, without going through code?

In #22 we're going to let the run_python tool return files by having the code write them to a special directory, so that the LLM (and user) can see the results. Would that be sufficient?

The MCP spec does not support uploading resources as easily as downloading them (via EmbededResource in my PR). A potential idea could be to only support the --mount-fs option, and then clients need to implement the logic of writing the files themselves.

I personally think that adding so many new MCP tools might be a detriment long term - as it is not technically a core functionality :)

[DouweM]

@Kigstn Yeah I don't think we should (need to) add any new MCP tools.

[dani29]

Wanted to follow up on this thread, as I'm considering using this sandbox as part of my Pydantic AI stack (if the pydantic team suggests something better, happy to consider ;)).

We found it very effective to return file paths as tool responses, rather than loading them to the context. It'd be immensely helpful if we can mount a host path into the pyodide sandbox. Typical use-case would be to let an agent write a complex manipulation via Pandas on a large csv file.

Unless I missed something obvious, this isn't really supported, unless I serialize the file contents and pass them through globals. Is there some plan to support something akin to bubblewrap --ro flags?