offleash
AI coding agents, off the leash.
Run AI coding agents autonomously in sandboxed Docker containers. Full power, zero risk. Cross-platform, auto-authenticating, zero-config.
One sandbox, any AI agent.
offleash is built to support multiple AI coding agents. Claude Code is first, with more on the way.
Claude Code
Anthropic's CLI agent with full autonomous mode
Codex CLI
OpenAI's coding agent
Gemini CLI
Google's coding agent
Aider
Open-source AI pair programming
Everything you need, nothing you don't.
offleash handles Docker, authentication, permissions, and configuration so you can just type and go.
Sandboxed Isolation
Your AI agent runs inside a fresh Docker container. Your host machine stays safe. Changes are restricted to your project directory.
Cross-Platform
Works on macOS, Linux, and Windows. Handles path translation, TTY detection, and Docker differences automatically.
Auto-Authentication
Extracts credentials from your OS keychain automatically. No manual config. Also supports API keys for CI/headless environments.
Smart Caching
Docker images are tagged by content hash. Rebuilds only when something changes. First run takes seconds, reruns are instant.
Resource Limits
Control CPU, memory, and timeout. Run with --no-network for full network isolation. You set the boundaries.
Auto-Commit
Pass --auto-commit and changes are committed to git when the agent finishes. Add --commit-message for custom messages.
File Context
Pass PDFs, docs, or images with --file. The agent reads them as initial context. Combine with a prompt for targeted work.
CI/CD Ready
Non-interactive --print mode for pipelines. Pipe prompts via stdin. Perfect for automated workflows.
Persistent Config
Save your preferred defaults with offleash config set. Memory limits, model, network mode, and more.
Up and running in 30 seconds.
// Install
// Usage
Simple under the hood.
Five steps from command to autonomous coding. All automatic.
Build a minimal Docker image
A lightweight container image with your AI agent pre-installed. Cached by content hash for instant reruns.
Mount your project
Your current directory becomes /workspace inside the container. Changes sync in real-time via Docker volumes.
Inject credentials securely
Auth tokens are extracted from your OS keychain and passed as environment variables. Nothing written to disk.
Launch with full autonomy
The agent runs with all permission checks bypassed. Trust prompts, safety dialogs — all pre-accepted so it can work uninterrupted.
Run as non-root user
Inside the container, the agent operates as an unprivileged user. Sandboxed, isolated, safe.
Full CLI reference.
Options
| Flag | Description |
|---|---|
| -p, --prompt <text> | Initial prompt for the agent |
| -f, --file <path> | File for the agent to read as initial context |
| Non-interactive mode (print output and exit) | |
| -c, --continue | Continue last session |
| --model <model> | Model to use |
| --cpus <n> | CPU limit for container |
| --memory <size> | Memory limit (e.g., "4g") |
| --timeout <duration> | Auto-kill after duration (e.g., "30m") |
| --no-network | Disable network in container |
| --read-only | Mount workspace as read-only |
| --mount <spec> | Extra volume mount (repeatable) |
| --env <KEY=VAL> | Extra environment variable (repeatable) |
| --auto-commit | Auto-commit changes to git when done |
| --commit-message <msg> | Custom commit message (implies --auto-commit) |
| --image <name> | Custom Docker image |
| --workdir <path> | Override working directory |
| --rebuild | Force Docker image rebuild |
| -v, --verbose | Verbose output |
| --debug | Debug output |
| -q, --quiet | Minimal output |
Commands
| Command | Description |
|---|---|
| offleash auth | Show authentication status |
| offleash auth login | Authenticate with your agent |
| offleash auth token | Set up API token for headless/CI use |
| offleash config list | Show all configuration values |
| offleash config set <key> <val> | Set a configuration value |
| offleash config get <key> | Get a configuration value |
| offleash config reset [key] | Reset configuration to defaults |
| offleash doctor | Diagnose environment issues |