Container wrapper for running AI coding agents in isolated, secure containers

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for bbrowning from gravatar.com bbrowning

Unverified details

These details have not been verified by PyPI
Meta
Classifiers
Report project as malware

Project description

Paude

Run AI coding agents in secure containers. They make commits, you pull them back.

Supported Agents

Agent Flag Status
Claude Code --agent claude (default) Supported
Cursor CLI --agent cursor Supported
Gemini CLI --agent gemini Supported
OpenClaw --agent openclaw Supported

Agents are installed automatically inside the container — no local agent installation needed. You just need authentication credentials for your chosen provider.

Why Paude?

  • Isolated execution: Your agent runs in a container, not on your host machine
  • Safe autonomous mode: Enable --yolo without fear — the agent can't send your code anywhere
  • Git-based workflow: The agent commits inside the container, you git pull the changes
  • Run anywhere: Locally with Podman or Docker, remotely via SSH, or on OpenShift

Demo

asciicast

The demo shows Claude Code, but the workflow is identical with other agents.

Quick Start

Prerequisites

Container runtime: Podman or Docker for local use, or an OpenShift cluster for remote execution.

Authentication — set up credentials for your chosen provider:

Google Cloud / Vertex AI (Claude Code, Gemini CLI, OpenClaw)

Install the Google Cloud SDK, then:

gcloud auth application-default login

Set your project (find the ID in Google Cloud Console):

# Claude Code via Vertex
export CLAUDE_CODE_USE_VERTEX=1
export ANTHROPIC_VERTEX_PROJECT_ID=your-project-id
export GOOGLE_CLOUD_PROJECT=your-project-id

# Gemini CLI / OpenClaw via Vertex
export GOOGLE_CLOUD_PROJECT=your-project-id
Anthropic API key (Claude Code, OpenClaw) 
export ANTHROPIC_API_KEY=your-api-key

For OpenClaw, also pass --provider anthropic:

paude create --agent openclaw --provider anthropic ...
OpenAI API key (OpenClaw) 
export OPENAI_API_KEY=your-api-key
paude create --agent openclaw --provider openai ...
Cursor 
agent login  # or set CURSOR_API_KEY=your-api-key

macOS note: On Mac hosts, CURSOR_API_KEY is the simplest authentication method. Without it, each paude session requires a separate browser-based OAuth login via agent login inside the container.

Install

uv tool install paude

First run: Paude pulls container images on first use. This takes a few minutes; subsequent runs start immediately.

Your First Session

# OpenClaw — browser-based, no local agent install needed
paude create --agent openclaw --allowed-domains "default openclaw" my-project

# Claude Code (default)
cd your-project
paude create --yolo --git my-project

# Cursor CLI
paude create --agent cursor --yolo --git my-project

# Gemini CLI
paude create --agent gemini --yolo --git my-project

# Connect to a CLI agent's running session
paude connect my-project

# Pull the agent's commits (use your branch name):
git pull paude-my-project main

You'll know it's working when: For CLI agents, paude connect shows the agent interface and git pull brings back commits. For OpenClaw, paude connect prints a URL — open it in your browser.

OpenTelemetry Export

Export agent telemetry (metrics, logs, traces) to any OTLP-compatible collector:

paude create --otel-endpoint http://collector:4318 my-project

The endpoint hostname is automatically added to the proxy allowlist and non-standard ports (like 4318) are opened in the squid proxy. Supported agents: Claude Code, Gemini CLI, OpenClaw. Set otel-endpoint in ~/.config/paude/defaults.json to apply globally.

Passing a Task

paude create --yolo my-project -a '-p "refactor the auth module"'

Or just start the session and type your request in the agent interface.

Something Not Working?

  • Run paude --help for all options and examples
  • Run paude list to check session status
  • Use paude create --dry-run to verify configuration
  • Use paude start -v for verbose output (shows sync progress)
  • Check credentials: gcloud auth application-default print-access-token (Vertex/Gemini) or verify your API key is exported

Learn more:

How It Works

Your Machine                    Container
    |                              |
    |-- git push ----------------▶ |  Agent works here
    |                              |  (network-filtered)
    ◀-- git pull -----------------|
    |                              |
  • Git is the sync mechanism — your local files stay untouched until you pull
  • --yolo is safe because network filtering blocks the agent from sending data to arbitrary URLs
  • The agent can only reach its API (e.g., Vertex AI) and package registries (e.g., PyPI) by default

Install from Source

git clone https://github.com/bbrowning/paude
cd paude
uv venv --python 3.12 --seed
source .venv/bin/activate
pip install -e .

Requirements

  • Python 3.11+ (for the Python package)
  • Podman or Docker (for local backend)
  • OpenShift CLI oc (for OpenShift backend)
  • Auth credentials for your provider (Google Cloud SDK, API key, etc.)

Development

See CONTRIBUTING.md for development setup, testing, and release instructions.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for bbrowning from gravatar.com bbrowning

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

0.20.0a2 pre-release

0.20.0a1 pre-release

0.15.0

0.15.0rc6 pre-release

0.15.0rc5 pre-release

This version

0.15.0rc4 pre-release

0.15.0rc3 pre-release

0.15.0rc2 pre-release

0.15.0rc1 pre-release

0.14.2

0.14.1

0.14.0

0.13.0

0.12.2

0.12.1

0.12.0

0.11.1

0.11.0

0.10.1

0.10.0

0.9.1

0.9.1rc4 pre-release

0.9.1rc3 pre-release

0.9.0

0.8.2

0.8.1

0.8.0

0.7.3

0.7.2

0.7.1

0.7.0

0.6.0

0.5.0

0.4.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

paude-0.15.0rc4.tar.gz (344.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

paude-0.15.0rc4-py3-none-any.whl (200.9 kB view details)

Uploaded Python 3

File details

Details for the file paude-0.15.0rc4.tar.gz.

File metadata

  • Download URL: paude-0.15.0rc4.tar.gz
  • Upload date:
  • Size: 344.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for paude-0.15.0rc4.tar.gz
Algorithm Hash digest
SHA256 66a8aa92b98f20ebc760b1bf61ab569a3704ad1014966c84849277b4aad85d6b
MD5 4fbf4731dc3f03b60c30e89de453d981
BLAKE2b-256 54a2bb77179fc2d5af180d6f3c016f4bc9103b20d7814e18de539e74a8e95be0

See more details on using hashes here.

Provenance

The following attestation bundles were made for paude-0.15.0rc4.tar.gz:

Publisher: release.yml on bbrowning/paude

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file paude-0.15.0rc4-py3-none-any.whl.

File metadata

  • Download URL: paude-0.15.0rc4-py3-none-any.whl
  • Upload date:
  • Size: 200.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for paude-0.15.0rc4-py3-none-any.whl
Algorithm Hash digest
SHA256 0265af0eb84eddeff03e81f6ffd079e63b8304b3b2265448c9ef5344a1195a43
MD5 a8f5340683acdb87ba68cd0bcd1dca6a
BLAKE2b-256 01fcffc53efd560ccb3f76580cafb085081a30629235b59a686a2925251d12bf

See more details on using hashes here.

Provenance

The following attestation bundles were made for paude-0.15.0rc4-py3-none-any.whl:

Publisher: release.yml on bbrowning/paude

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page