Secure Agent Sandbox

Run AI coding agents in isolated containers

Prompt injection, rogue skills, and compromised dependencies can turn AI coding agents hostile. Vibepit runs agents in hardened containers where all network traffic is filtered through an allowlist. Local only: no cloud, no accounts.

Get Started CLI Reference GitHub

Two commands, and you're in the pit

curl -fsSL https://vibepit.dev/download.sh | bash
sudo mv vibepit /usr/local/bin/

Why Vibepit

Container Isolation

Each session runs in a hardened container with a read-only root filesystem and dropped capabilities.

Filtered Networking

HTTP, HTTPS, and DNS traffic is filtered through an allowlist proxy with optional network presets.

Runtime Control

Manage allowlists and inspect live traffic with CLI commands or the interactive monitor UI.

Start Here

First Sandbox

Launch your first isolated session in a project directory.

Monitor and Allowlist

Inspect proxy logs and manage live session access.

CLI Reference

Command syntax, flags, and detailed behavior for every subcommand.

AI Coding Agents

Set up Claude Code, Codex, or Copilot with the right network presets.

Architecture

How the proxy, sandbox container, and isolated network fit together.

Security Model

Understand assumptions, boundaries, and defense-in-depth controls.