Isolated sandbox for AI coding agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

agent-leash

Sandbox runner for AI coding agents:

  • Restricts filesystem access to the current directory
  • Custom allow-list to expose more directories as read-only or read-write
  • Intercepts all network traffic with interactive per-domain approval
  • Controls access to host services (podman, docker, ssh-agent, etc.)
$ pipx install agent-leash
$ aleash claude
Sandbox UI available on http://localhost:7612/

aleash demo

How it works

  • Filesystembubblewrap restricts the agent to the current working directory. The rest of the filesystem is read-only or hidden.
  • Networkmitmproxy intercepts all outbound HTTPS. Each new domain triggers a browser popup (and desktop notification). You choose: always allow, allow once, always block, or block once.
  • Web UI — Vue 3 + xterm.js frontend served on localhost:7612. Shows live terminal output, domain decisions

Requirements

Tool Install
bwrap (bubblewrap) dnf install bubblewrap / apt install bubblewrap
xdg-dbus-proxy dnf install xdg-dbus-proxy / apt install xdg-dbus-proxy
Python ≥ 3.11 system or pyenv

mitmproxy is installed automatically as a Python dependency.

Usage

Pass arguments

aleash claude -- --dangerously-skip-permissions
aleash run python script.py --some-flag

Terminal size

By default the local terminal controls the PTY size. The browser shows the fixed-size terminal with scrollbars. Use --browser-master to invert this (browser FitAddon resizes the PTY):

aleash --browser-master claude

Profile override

aleash --profile generic claude   # run claude with the generic profile

Profiles

Profile What it binds
claude ~/.claude, ~/.claude.json, ~/.gitconfig, ~/.local/share/claude
opencode ~/.opencode, ~/.gitconfig, and opencode config/cache dirs
generic nothing extra

claude and opencode are auto-detected by binary name. Use --profile to override.

Data

All state lives in CWD/.aleash/:

Path Content
CWD/.aleash/data.db SQLite: sessions, terminal logs, domain decisions
~/.mitmproxy/ mitmproxy CA cert (auto-generated on first run)

Delete CWD/.aleash/data.db to reset all history.

Contributing

See CONTRIBUTING.md.

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mathieu.lacage from gravatar.com mathieu.lacage

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.8.0

This version

0.7.0

0.6.0

0.4.0

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_leash-0.7.0.tar.gz (376.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_leash-0.7.0-py3-none-any.whl (130.2 kB view details)

Uploaded Python 3

File details

Details for the file agent_leash-0.7.0.tar.gz.

File metadata

  • Download URL: agent_leash-0.7.0.tar.gz
  • Upload date:
  • Size: 376.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.7.0.tar.gz
Algorithm Hash digest
SHA256 a832ecf528bc1a36c10f399ca040f805b781e24a63fd69e628f35e1bc0684458
MD5 a9dcf03b7352ddea1267f47282d6703d
BLAKE2b-256 5558cdf8862d804a5e9178982f4b2f5c7f0d3cfa29c25626e14938eb5654a42e

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.7.0.tar.gz:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agent_leash-0.7.0-py3-none-any.whl.

File metadata

  • Download URL: agent_leash-0.7.0-py3-none-any.whl
  • Upload date:
  • Size: 130.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agent_leash-0.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5163d0eb08654100c72c6ccbbf4d10a287dc42187618448ab4094e41251f4425
MD5 7a31504de2f8cb3e9914d84a7fad1c93
BLAKE2b-256 51d9c3eff5080aca4b31e365e5a61af15419ea3b65743e9c21796286973e10a9

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_leash-0.7.0-py3-none-any.whl:

Publisher: release.yml on mathieu-lacage/agent-leash

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page