Secure AI CLI sandbox
Claude Code, Codex, and Gemini run isolated from your host machine. Go
--yolo safely: skip every permission prompt without handing an agent the keys to
your laptop.
Why aibox
Whatever the CLIs touch stays inside the container. Git, SSH, and your project files keep working like they always do.
Claude Code, Codex, and Gemini in one container. Switch tools with a single flag.
A non-root user with every capability dropped. The filesystem is isolated, so your host stays untouched.
Separate profiles for work, personal, or client projects, each with its own credentials.
SSH keys mounted read-only, macOS-compatible. Commit and push without leaving the box.
Capped at 2 CPU and 4 GB. A runaway agent can't exhaust your machine.
One docker-compose service and no config files to babysit. Run aibox and you're in.
Quick start
Install the CLI, drop into any project, and you're inside a sealed container. You never write a Dockerfile.
Usage
The whole CLI is a handful of flags. This is most of what you'll ever type.
Security model
The container runs unprivileged and locked down. If an agent breaks something, it breaks the box, not your machine.