Secure AI CLI sandbox
Claude Code, Codex, and Gemini — isolated from your host machine. Go --yolo safely: skip every permission prompt without handing an agent the keys to your laptop.
Why aibox
Everything the AI CLIs can touch is contained. Everything you need — git, SSH, your project — stays right where you expect it.
Claude Code, Codex, and Gemini in one container. Switch tools with a single flag.
Non-root user, dropped capabilities, full filesystem isolation. Your host stays untouched.
Separate profiles for work, personal, or client projects. Keep credentials cleanly apart.
SSH keys mounted read-only, macOS-compatible. Commit and push without leaving the box.
Capped at 2 CPU and 4 GB. A runaway agent can't exhaust your machine.
A single docker-compose service. No config files to babysit — run aibox and you're in.
Quick start
Install the CLI, drop into any project, and you're inside a sealed container — no Dockerfiles to write.
Usage
From a quick shell to multi-account workflows — the whole surface is a handful of flags.
Security model
The container runs unprivileged and locked down. Your keys, your files, and your host stay yours.
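One way to check these properties on a running container, as an added example that is not aibox's own code: a Python audit over `docker inspect` output. The sample JSON, the `/home/dev/.ssh` and `/workspace` paths, and the function name `audit` are assumptions made for illustration; the limits are the 2 CPU and 4 GB figures stated above.

```python
import json

# Constructed `docker inspect` output for a hypothetical sandbox container.
# Field names are Docker's; values and mount paths are made up for this example.
SAMPLE = json.loads("""
[{"Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapDrop": ["ALL"],
                 "NanoCpus": 2000000000, "Memory": 4294967296},
  "Mounts": [{"Destination": "/home/dev/.ssh", "RW": false},
             {"Destination": "/workspace", "RW": true}]}]
""")

def audit(container, max_cpus=2.0, max_mem=4 * 1024**3):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    host = container.get("HostConfig") or {}

    # An empty User field means the container process runs as root.
    user = ((container.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode enabled")
    if not host.get("CapDrop"):
        findings.append("no capabilities dropped")

    # CPU caps appear as NanoCpus (--cpus) or as a CFS quota/period pair.
    nano, quota = host.get("NanoCpus") or 0, host.get("CpuQuota") or 0
    period = host.get("CpuPeriod") or 100000  # Docker's default CFS period (us)
    cpus = nano / 1e9 if nano else (quota / period if quota > 0 else 0)
    if cpus == 0 or cpus > max_cpus:
        findings.append(f"CPU limit missing or above {max_cpus}")
    mem = host.get("Memory") or 0  # bytes; 0 means unlimited
    if mem == 0 or mem > max_mem:
        findings.append(f"memory limit missing or above {max_mem} bytes")

    # Any mount that exposes an .ssh directory must be read-only.
    for m in container.get("Mounts") or []:
        dest = m.get("Destination", "")
        if "/.ssh" in dest and m.get("RW", True):
            findings.append(f"writable SSH mount: {dest}")
    return findings

if __name__ == "__main__":
    # For a real container, pass json.loads() the output of `docker inspect`.
    for c in SAMPLE:
        print(audit(c) or "all checks passed")
```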