Isolated sandbox for AI coding agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

agent-leash

Sandbox runner for AI coding agents:

  • Restricts filesystem access to the current directory
  • Custom allow-list to expose more directories as read-only or read-write
  • Intercepts all network traffic with interactive per-domain approval
  • Controls access to host services (podman, docker, ssh-agent, etc.)
$ pipx install agent-leash
$ aleash claude
Sandbox UI available on http://localhost:7612/

aleash demo

How it works

  • Filesystembubblewrap restricts the agent to the current working directory. The rest of the filesystem is read-only or hidden.
  • Networkmitmproxy intercepts all outbound HTTPS. Each new domain triggers a browser popup (and desktop notification). You choose: always allow, allow once, always block, or block once.
  • Web UI — Vue 3 + xterm.js frontend served on localhost:7612. Shows live terminal output, domain decisions

Requirements

Tool Install
bwrap (bubblewrap) dnf install bubblewrap / apt install bubblewrap
xdg-dbus-proxy dnf install xdg-dbus-proxy / apt install xdg-dbus-proxy
Python ≥ 3.11 system or pyenv

mitmproxy is installed automatically as a Python dependency.

Usage

Pass arguments

aleash claude -- --dangerously-skip-permissions
aleash run python script.py --some-flag

Terminal size

By default the local terminal controls the PTY size. The browser shows the fixed-size terminal with scrollbars. Use --browser-master to invert this (browser FitAddon resizes the PTY):

aleash --browser-master claude

Profile override

aleash --profile generic claude   # run claude with the generic profile

Profiles

Profile What it binds
claude ~/.claude, ~/.claude.json, ~/.gitconfig, ~/.local/share/claude
opencode ~/.opencode, ~/.gitconfig, and opencode config/cache dirs
generic nothing extra

claude and opencode are auto-detected by binary name. Use --profile to override.

Data

All state lives in CWD/.aleash/:

Path Content
CWD/.aleash/data.db SQLite: sessions, terminal logs, domain decisions
~/.mitmproxy/ mitmproxy CA cert (auto-generated on first run)

Delete CWD/.aleash/data.db to reset all history.

Contributing

See CONTRIBUTING.md.

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

This version

0.8.0

0.7.0

0.6.0

0.4.0

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_leash-0.8.0.tar.gz (376.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_leash-0.8.0-py3-none-any.whl (130.5 kB view details)

Uploaded Python 3

File details

Details for the file agent_leash-0.8.0.tar.gz.

File metadata

  • Download URL: agent_leash-0.8.0.tar.gz
  • Upload date:
  • Size: 376.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.8.0.tar.gz
Algorithm Hash digest
SHA256 a238767e782d7f03abff7b12e2064a8b8726e3e7466b74d760451ec3753613fc
MD5 27a98f149067474c35858f95ce2f70d4
BLAKE2b-256 22089bcfe077dad05bfa856a035c5186385ec25d57fcebe0a817766de29aada5

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.8.0.tar.gz:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agent_leash-0.8.0-py3-none-any.whl.

File metadata

  • Download URL: agent_leash-0.8.0-py3-none-any.whl
  • Upload date:
  • Size: 130.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.8.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a0b57ea3b6ee2ea54d9e1d9519091fbdf596347c36b9363be0157cbbab58f587
MD5 4c3c84b0cebb6367ccd4cd431547f0a0
BLAKE2b-256 224a1a462b286743ed7718490f7dfcf7bb03f3efbea744e38ba53b7b91c45a25

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.8.0-py3-none-any.whl:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page