Isolated sandbox for AI coding agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

agent-leash

Sandbox runner for AI coding agents:

  • Restricts filesystem access to the current directory
  • Custom allow-list to expose more directories as read-only or read-write
  • Intercepts all network traffic with interactive per-domain approval
  • Controls access to host services (podman, docker, ssh-agent, etc.)
$ pipx install agent-leash
$ aleash claude
Sandbox UI available on http://localhost:7612/

aleash demo

How it works

  • Filesystembubblewrap restricts the agent to the current working directory. The rest of the filesystem is read-only or hidden.
  • Networkmitmproxy intercepts all outbound HTTPS. Each new domain triggers a browser popup (and desktop notification). You choose: always allow, allow once, always block, or block once.
  • Web UI — Vue 3 + xterm.js frontend served on localhost:7612. Shows live terminal output, domain decisions

Requirements

Tool Install
bwrap (bubblewrap) dnf install bubblewrap / apt install bubblewrap
xdg-dbus-proxy dnf install xdg-dbus-proxy / apt install xdg-dbus-proxy
Python ≥ 3.11 system or pyenv

mitmproxy is installed automatically as a Python dependency.

Usage

Pass arguments

aleash claude -- --dangerously-skip-permissions
aleash run python script.py --some-flag

Terminal size

By default the local terminal controls the PTY size. The browser shows the fixed-size terminal with scrollbars. Use --browser-master to invert this (browser FitAddon resizes the PTY):

aleash --browser-master claude

Profile override

aleash --profile generic claude   # run claude with the generic profile

Profiles

Profile What it binds
claude ~/.claude, ~/.claude.json, ~/.gitconfig, ~/.local/share/claude
opencode ~/.opencode, ~/.gitconfig, and opencode config/cache dirs
generic nothing extra

claude and opencode are auto-detected by binary name. Use --profile to override.

Data

All state lives in CWD/.aleash/:

Path Content
CWD/.aleash/data.db SQLite: sessions, terminal logs, domain decisions
~/.mitmproxy/ mitmproxy CA cert (auto-generated on first run)

Delete CWD/.aleash/data.db to reset all history.

Contributing

See CONTRIBUTING.md.

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.8.0

0.7.0

0.6.0

This version

0.4.0

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_leash-0.4.0.tar.gz (377.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_leash-0.4.0-py3-none-any.whl (130.6 kB view details)

Uploaded Python 3

File details

Details for the file agent_leash-0.4.0.tar.gz.

File metadata

  • Download URL: agent_leash-0.4.0.tar.gz
  • Upload date:
  • Size: 377.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.4.0.tar.gz
Algorithm Hash digest
SHA256 c754eaef7eb7abec0caebc00a8b8db12507cbc68d627a82b4a94be6e51936ba9
MD5 35f4ba8815ac4d8b7ecaa50099a44133
BLAKE2b-256 a88fd9d00292241b2d3e19a096535170d43e654001c7a655dc3489f7bd55612b

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.4.0.tar.gz:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agent_leash-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: agent_leash-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 130.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a7316ac50776654e0d878f4a22c0753e6c86d075645d321fbe802f1c632223d2
MD5 fef1dec68c76d37f1243e865a6575ed0
BLAKE2b-256 ea9db0f99a9f693bfd82c9b55f0dd60438225c24efc8a2156b4454341486de4d

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.4.0-py3-none-any.whl:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page