Isolated sandbox for AI coding agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

agent-leash

Sandbox runner for AI coding agents:

  • Restricts filesystem access to the current directory
  • Custom allow-list to expose more directories as read-only or read-write
  • Intercepts all network traffic with interactive per-domain approval
  • Controls access to host services (podman, docker, ssh-agent, etc.)
$ pipx install agent-leash
$ aleash claude
Sandbox UI available on http://localhost:7612/

aleash demo

How it works

  • Filesystembubblewrap restricts the agent to the current working directory. The rest of the filesystem is read-only or hidden.
  • Networkmitmproxy intercepts all outbound HTTPS. Each new domain triggers a browser popup (and desktop notification). You choose: always allow, allow once, always block, or block once.
  • Web UI — Vue 3 + xterm.js frontend served on localhost:7612. Shows live terminal output, domain decisions

Requirements

Tool Install
bwrap (bubblewrap) dnf install bubblewrap / apt install bubblewrap
xdg-dbus-proxy dnf install xdg-dbus-proxy / apt install xdg-dbus-proxy
Python ≥ 3.11 system or pyenv

mitmproxy is installed automatically as a Python dependency.

Usage

Pass arguments

aleash claude -- --dangerously-skip-permissions
aleash run python script.py --some-flag

Terminal size

By default the local terminal controls the PTY size. The browser shows the fixed-size terminal with scrollbars. Use --browser-master to invert this (browser FitAddon resizes the PTY):

aleash --browser-master claude

Profile override

aleash --profile generic claude   # run claude with the generic profile

Profiles

Profile What it binds
claude ~/.claude, ~/.claude.json, ~/.gitconfig, ~/.local/share/claude
opencode ~/.opencode, ~/.gitconfig, and opencode config/cache dirs
generic nothing extra

claude and opencode are auto-detected by binary name. Use --profile to override.

Data

All state lives in CWD/.aleash/:

Path Content
CWD/.aleash/data.db SQLite: sessions, terminal logs, domain decisions
~/.mitmproxy/ mitmproxy CA cert (auto-generated on first run)

Delete CWD/.aleash/data.db to reset all history.

Contributing

See CONTRIBUTING.md.

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.8.0

0.7.0

This version

0.6.0

0.4.0

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_leash-0.6.0.tar.gz (376.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_leash-0.6.0-py3-none-any.whl (130.2 kB view details)

Uploaded Python 3

File details

Details for the file agent_leash-0.6.0.tar.gz.

File metadata

  • Download URL: agent_leash-0.6.0.tar.gz
  • Upload date:
  • Size: 376.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.6.0.tar.gz
Algorithm Hash digest
SHA256 df8c44fee4a65022afce961ff39ec7658635c122bcb7b3498a2b435c6fb6cf1e
MD5 f1e7c5fdd153e69ebb8749b70b418929
BLAKE2b-256 604728e5198eff4a23e672c484d69dbf6f7ba9a1ad4ff2246cd53334b75c9bb8

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.6.0.tar.gz:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agent_leash-0.6.0-py3-none-any.whl.

File metadata

  • Download URL: agent_leash-0.6.0-py3-none-any.whl
  • Upload date:
  • Size: 130.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9475e6e5e6c47f189cf2dfc6f6e6a07fcd1d44a464da0b74f26925e8db4a6495
MD5 ef58f9ffa772c1e7498c13628205676c
BLAKE2b-256 8133b9026ea05b9957ec36fcdf99dd33932d001e89173bbb6cffe44ff12e7ada

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.6.0-py3-none-any.whl:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page