explaingit

trivo25/code-airlock

Analysis updated 2026-05-18

7 | Shell | Audience · developer | Complexity · 3/5 | Setup · hard

TLDR

A shell wrapper that runs AI coding agents like Claude Code inside a disposable microVM, keeping your local repo read-only while the agent works, and letting you review all changes as git commits before merging.

Mindmap

mindmap
  root((code-airlock))
    How it works
      MicroVM clone of repo
      Agent commits inside VM
      Host repo stays read-only
      Review before merge
    Supported agents
      Claude Code
      Codex
      OpenCode
    Key commands
      up starts sandbox
      fetch diff review merge
      doctor checks prereqs
    Safety features
      Disposable VM
      Network allowlist
      No host write access
    Setup
      Docker Sandboxes
      npm install code-airlock


What do people build with it?

USE CASE 1

Let Claude Code work unattended on a feature branch without any risk of it modifying your local repo directly.

USE CASE 2

Run Codex or OpenCode on a long multi-step task over an SSH session and review all changes as a git diff before accepting them.

USE CASE 3

Restrict an AI coding agent's network access to a specific allowlist of domains while still giving it full freedom inside the sandbox.

USE CASE 4

Keep a persistent tmux-backed agent session running on a remote server and reconnect later to review its committed output.

What is it built with?

Shell, Docker Sandboxes, Git

How does it compare?

Repo | trivo25/code-airlock | anmoln7/agent-standard-oss | dockur/proxmox-backup
Stars7510
Language | Shell | Shell | Shell
Setup difficulty | hard | easy | moderate
Complexity | 3/5 | 2/5 | 3/5
Audience | developer | developer | ops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires Docker Sandboxes with KVM virtualization support installed separately before code-airlock itself.

No license information was mentioned in the README.

In plain English

Code Airlock is a shell tool that runs AI coding agents (such as Claude Code, Codex, or OpenCode) inside a disposable microVM so they cannot touch your actual codebase while working. The agent gets full freedom to install packages, run tests, read logs, and iterate inside a sandboxed copy of your project. Your host repo stays read-only the entire time. When the agent is done, its changes come back as ordinary git commits that you review and merge only when satisfied.

The core safety model is straightforward. Docker Sandboxes (a Docker product) creates a private clone of your repo inside a virtual machine. The agent commits its edits to that clone, not to your working copy. You then run fetch, diff, and merge commands from your host machine to inspect what the agent did before anything lands in your real repository. If the agent makes a mess, you discard the sandbox and start over.

The reason this is useful is that AI coding agents work best when they can act without asking for permission at every step. Run a test, see it fail, install a missing dependency, re-run, iterate. Restricting every individual shell command degrades the agent into a slow helper. Code Airlock moves the main boundary below the agent rather than inside it, letting the agent work more freely inside a disposable environment while the review gate stays on your side.

Setup involves installing Docker Sandboxes separately (the tool that provides the microVM layer), then installing code-airlock via npm or a shell installer. A doctor command checks that all prerequisites are in place before you launch anything. From inside your project folder, one command starts the agent in a sandbox, another lets you review its commits, and a final merge brings accepted changes home. The tool also supports running agents over SSH with tmux so you can disconnect and reconnect without stopping the session.

Network access inside the sandbox can be restricted to an allowlist of approved domains, such as model APIs and package registries, if you want an additional layer of containment.
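The fetch, diff, merge gate described above can be reproduced with plain git, shown here as an added example that is not code-airlock's own code or command set. A local clone stands in for the microVM's private copy, and the ref name `refs/airlock/review`, the file names and the list of paths flagged for closer review are all assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: the review gate in plain git. A local clone stands in for the
# sandbox copy; every path, ref name and file below is constructed.
set -euo pipefail

demo_review_gate() {
  local work host sandbox before after risky
  work=$(mktemp -d); host="$work/host"; sandbox="$work/sandbox"
  g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

  # Host repo with one already-reviewed commit on main.
  g init -q "$host"
  g -C "$host" symbolic-ref HEAD refs/heads/main
  echo 'print("hello")' > "$host/app.py"
  g -C "$host" add app.py
  g -C "$host" commit -q -m "initial"

  # "Sandbox": a private clone the agent may change and commit to freely.
  g clone -q "$host" "$sandbox"
  echo 'print("hello, world")' > "$sandbox/app.py"
  mkdir -p "$sandbox/.github/workflows"
  echo 'on: push' > "$sandbox/.github/workflows/ci.yml"
  g -C "$sandbox" add -A
  g -C "$sandbox" commit -q -m "agent: update greeting, add CI"

  # Gate 1: fetch into a separate ref namespace. The host's HEAD and working
  # tree must be untouched by the fetch.
  before=$(g -C "$host" rev-parse HEAD)
  g -C "$host" fetch -q "$sandbox" "main:refs/airlock/review"
  after=$(g -C "$host" rev-parse HEAD)
  [ "$before" = "$after" ] || return 1
  ! grep -q world "$host/app.py" || return 1

  # Gate 2: list changed paths and flag the ones that run code later
  # (CI definitions, hook directories, package manifests, shell scripts).
  risky=$(g -C "$host" diff --name-only main refs/airlock/review |
          grep -E '^(\.github/|\.githooks/|package\.json$|.*\.sh$)' || true)

  # Gate 3: merge only after review; --ff-only fails if main has diverged.
  g -C "$host" merge -q --ff-only refs/airlock/review
  echo "$risky"
  rm -rf "$work"
}

demo_review_gate
```
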

Copy-paste prompts

Prompt 1
I want to use code-airlock to run Claude Code on my Python repo inside a Docker Sandbox microVM. Walk me through the setup steps from installing Docker Sandboxes to running 'code-airlock up'.
Prompt 2
My 'code-airlock doctor' check is failing with a KVM virtualization error on Linux. What do I need to enable and how do I add my user to the kvm group?
Prompt 3
How does code-airlock's fetch and merge workflow work? Show me the exact commands to review what Claude Code committed inside the sandbox before merging it into my local branch.
Prompt 4
I want to restrict the network inside the code-airlock sandbox to only allow the Anthropic API and npm registry. How do I configure the network allowlist?

Frequently asked questions

What is code-airlock?

A shell wrapper that runs AI coding agents like Claude Code inside a disposable microVM, keeping your local repo read-only while the agent works, and letting you review all changes as git commits before merging.

What language is code-airlock written in?

Mainly Shell. The stack also includes Docker Sandboxes and Git.

What license does code-airlock use?

No license information was mentioned in the README.

How hard is code-airlock to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is code-airlock for?

Mainly developers.


Verify against the repo before relying on details.