yaroshevych/agentsandbox — explained in plain English
Analysis updated 2026-05-18
Sandbox an AI coding agent so it can only read or write files inside one project folder.
Block outbound network access except for the AI provider, GitHub, and npm.
Mount a repo as read-only so an agent can experiment without changing files.
| yaroshevych/agentsandbox | anthonyhann/knowledge-wiki | baiyuetribe/test-heroku | |
|---|---|---|---|
| Stars | 1 | 1 | 1 |
| Language | Shell | Shell | Shell |
| Last pushed | — | — | 2021-06-30 |
| Maintenance | — | — | Dormant |
| Setup difficulty | easy | moderate | hard |
| Complexity | 3/5 | 3/5 | 1/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker installed, setup is a single curl command run inside the project directory.
AgentSandbox is a tool that sets up an isolated Docker container for running AI coding agents, such as Claude Code, Codex, Pi, and OpenCode, inside a specific project directory, without giving them access to the rest of your computer's filesystem or potentially the wider internet. The problem it solves is straightforward: AI coding agents are powerful tools, but running them directly on your machine means they can read or write files anywhere, and can make network connections freely. AgentSandbox wraps them in a container that only sees the one project folder you want them to work in. Installation is a single curl command run from inside your project directory. This runs an interactive wizard that asks which agent you want, which programming language stack to include (Python, Node, Go, or Rust, and you can pick multiple), whether to allow or block outbound network access, and whether to mount the repo as read-only or writable. Once configured, it writes three files into your project: a Dockerfile that describes the container environment, an agents script that launches the chosen agent inside that container, and optionally an init-firewall.sh file when network blocking is selected. With network blocking enabled, outbound traffic from inside the container is restricted via an iptables firewall to only the agent's AI provider endpoint, GitHub, and npm. All other connections are rejected. Agent credentials (API keys and configuration) are mounted into the container from your host machine's config directories, so you do not need to re-authenticate. The generated files are plain text and can be read, edited, or committed to version control.
A command-line tool that wraps AI coding agents like Claude Code in an isolated Docker container so they can only see one project folder, not your whole computer.
Mainly Shell. The stack also includes Docker, Bash, iptables.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.