Analysis updated 2026-05-18
Let Claude Code work unattended on a feature branch without any risk of it modifying your local repo directly.
Run Codex or OpenCode on a long multi-step task over an SSH session and review all changes as a git diff before accepting them.
Restrict an AI coding agent's network access to a specific allowlist of domains while still giving it full freedom inside the sandbox.
Keep a persistent tmux-backed agent session running on a remote server and reconnect later to review its committed output.
| | trivo25/code-airlock | anmoln7/agent-standard-oss | dockur/proxmox-backup |
|---|---|---|---|
| Stars | 7 | 5 | 10 |
| Language | Shell | Shell | Shell |
| Setup difficulty | hard | easy | moderate |
| Complexity | 3/5 | 2/5 | 3/5 |
| Audience | developer | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker Sandboxes with KVM virtualization support installed separately before code-airlock itself.
Code Airlock is a shell tool that runs AI coding agents (such as Claude Code, Codex, or OpenCode) inside a disposable microVM so they cannot touch your actual codebase while working. The agent gets full freedom to install packages, run tests, read logs, and iterate inside a sandboxed copy of your project. Your host repo stays read-only the entire time. When the agent is done, its changes come back as ordinary git commits that you review and merge only when satisfied.

The core safety model is straightforward. Docker Sandboxes (a Docker product) creates a private clone of your repo inside a virtual machine. The agent commits its edits to that clone, not to your working copy. You then run fetch, diff, and merge commands from your host machine to inspect what the agent did before anything lands in your real repository. If the agent makes a mess, you discard the sandbox and start over.

The reason this is useful is that AI coding agents work best when they can act without asking for permission at every step. Run a test, see it fail, install a missing dependency, re-run, iterate. Restricting every individual shell command degrades the agent into a slow helper. Code Airlock moves the main boundary below the agent rather than inside it, letting the agent work more freely inside a disposable environment while the review gate stays on your side.

Setup involves installing Docker Sandboxes separately (the tool that provides the microVM layer), then installing code-airlock via npm or a shell installer. A doctor command checks that all prerequisites are in place before you launch anything. From inside your project folder, one command starts the agent in a sandbox, another lets you review its commits, and a final merge brings accepted changes home. The tool also supports running agents over SSH with tmux so you can disconnect and reconnect without stopping the session.
Network access inside the sandbox can be restricted to an allowlist of approved domains, such as model APIs and package registries, if you want an additional layer of containment.
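
The fetch, diff, and merge review gate described above, sketched with plain git as an added example (this is not code-airlock's own code or command set). A local clone stands in for the sandbox's private copy; the ref name `refs/review/agent`, the function names, and the sensitive-path pattern list are assumptions.

```bash
#!/usr/bin/env bash
# Added example: plain-git review gate. A local clone stands in for the sandbox.
set -eu

# Build a constructed host repo and a clone playing the sandbox's private copy,
# then record one constructed "agent" commit in the clone. Prints the temp dir.
make_demo() {
  d=$(mktemp -d)
  git init -q "$d/host"
  git -C "$d/host" -c user.name=dev -c user.email=dev@example.invalid \
    commit -q --allow-empty -m "baseline"
  git clone -q "$d/host" "$d/sandbox"
  mkdir -p "$d/sandbox/src" "$d/sandbox/.github/workflows"
  echo 'print("hi")' > "$d/sandbox/src/app.py"
  echo 'on: push' > "$d/sandbox/.github/workflows/ci.yml"
  git -C "$d/sandbox" add -A
  git -C "$d/sandbox" -c user.name=agent -c user.email=agent@example.invalid \
    commit -q -m "agent: add app and CI workflow"
  echo "$d"
}

# Fetch the sandbox's commits into a review-only ref (name is an assumption).
# A fetch never touches the host's branch, index or working tree.
fetch_for_review() {  # $1 = host repo, $2 = sandbox path or URL
  git -C "$1" fetch -q "$2" "+HEAD:refs/review/agent"
}

# List changed paths that run code on the host or in CI and so deserve a
# line-by-line read before merging. The pattern list is an assumption.
flag_sensitive() {  # $1 = host repo
  git -C "$1" diff --name-only HEAD...refs/review/agent |
    grep -E '^\.github/workflows/|^\.githooks/|(^|/)Makefile$|\.sh$' || true
}

# Merge only after review; --no-ff leaves an explicit merge commit to audit.
merge_reviewed() {  # $1 = host repo
  git -C "$1" -c user.name=dev -c user.email=dev@example.invalid \
    merge -q --no-ff -m "merge reviewed agent work" refs/review/agent
}

demo=$(make_demo)
fetch_for_review "$demo/host" "$demo/sandbox"
git --no-pager -C "$demo/host" diff --stat HEAD...refs/review/agent
echo "Read closely before merging:"
flag_sensitive "$demo/host"
```

The merge step is deliberately left out of the demo run: `merge_reviewed` is the only function that changes the host branch, and it is called by hand after the diff has been read.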
A shell wrapper that runs AI coding agents like Claude Code inside a disposable microVM, keeping your local repo read-only while the agent works, and letting you review all changes as git commits before merging.
Mainly Shell. The stack also includes Docker Sandboxes and Git.
No license information was mentioned in the README.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly developer.
Verify against the repo before relying on details.