{"id":49026126,"url":"https://github.com/kstenerud/yoloai","last_synced_at":"2026-05-27T08:35:38.098Z","repository":{"id":340548733,"uuid":"1165745989","full_name":"kstenerud/yoloai","owner":"kstenerud","description":"Permission fatigue is a real problem. Sandbox escape is a real problem. yoloAI solves it.","archived":false,"fork":false,"pushed_at":"2026-05-21T12:12:50.000Z","size":4666,"stargazers_count":85,"open_issues_count":11,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-21T13:25:08.145Z","etag":null,"topics":["ai","ai-agents","aider","claude","codex","docker","gemini","opencode","permission","podman","sandbox","seatbelt","tmux","yolo"],"latest_commit_sha":null,"homepage":"https://yoloai.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kstenerud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-24T13:56:57.000Z","updated_at":"2026-05-21T12:12:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/kstenerud/yoloai","commit_stats":null,"previous_names":["kstenerud/yoloai"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/kstenerud/yoloai","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kstenerud%2Fyoloai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kstenerud%2Fyoloai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kstenerud%2Fyoloai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kstenerud%2Fyoloai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kstenerud","download_url":"https://codeload.github.com/kstenerud/yoloai/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kstenerud%2Fyoloai/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33558652,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-27T02:00:06.184Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-agents","aider","claude","codex","docker","gemini","opencode","permission","podman","sandbox","seatbelt","tmux","yolo"],"created_at":"2026-04-19T07:00:20.155Z","updated_at":"2026-05-27T08:35:38.092Z","avatar_url":"https://github.com/kstenerud.png","language":"Go","funding_links":[],"categories":["Host-level sandboxes and local workspace isolation"],"sub_categories":["Multiplatform"],"readme":"# yoloAI\n\n**Sandboxed runner for AI coding agents. No more permission fatigue. Your files stay untouched until you say otherwise.**\n\n![terminal](terminal.svg)\n\nAI coding agents want to edit your files and run commands, so you must choose between them constantly asking your permission, or bypassing permissions and risking a catastrophe.\n\nUntil now.\n\nLet your agent live dangerously in a sandbox, then review the changes and decide what to keep.\n\n```text\nYou Sandbox Your project\n │ │ │\n ├─ yoloai new fix-bug . ├─ sandbox copy of project │\n │ │ │\n ├─ \u003c\u003c your prompt(s) \u003e\u003e ├─ agent works freely │\n │ │ (no permission prompts) │\n │ │ │\n ├─ yoloai diff fix-bug ├─ shows what changed │\n │ │ │\n ├─ yoloai apply fix-bug │ ├─ patches applied\n │ (you choose which ones) │ │\n │ │ │\n ├─ yoloai destroy fix-bug ├─ destroys sandbox │\n```\n\n## Why?\n\n**Permission fatigue is real.** After a hundred approve/deny prompts you stop reading and just hit \"yes\" — or you reach for `--dangerously-skip-permissions` and hope for the best. Neither is great.\n\nyoloAI takes a different approach: let the agent do whatever it wants inside a disposable container. Your originals are never modified. When the agent is done, review the diff and choose what to keep.\n\n- **Your files are untouchable.** The agent works on an isolated copy. Originals never change until you say so.\n- **Git-powered review.** `diff` shows exactly what changed. `apply` patches your project cleanly, preserving individual commits.\n- **No permission prompts.** The container is disposable — agents run with full access inside the sandbox.\n- **Persistent agent state.** Session history and config survive stops and restarts.\n- **Easy retry.** `yoloai reset` re-copies your original for a fresh attempt.\n\n## What yoloAI is not\n\n- **Not an orchestrator.** The orchestrator space is crowded (60+ tools) and rapidly evolving. yoloAI's value is the sandbox layer — it provides composable primitives (`new`, `diff`, `apply`) that orchestrators can build on top of, not a coordination framework.\n- **Not an autonomous agent platform.** yoloAI runs one agent in one sandbox — it doesn't decompose tasks, coordinate multiple agents, or manage autonomous workflows. You drive the loop.\n- **Not a permission system.** Instead of asking you to approve every file write and shell command, yoloAI eliminates the question entirely: the agent does whatever it wants in a disposable sandbox, and you review the result.\n- **Not a hosted service.** yoloAI is a local CLI tool. No accounts, no cloud, no vendor lock-in. Just a Go binary and your chosen sandbox backend.\n- **Not a live-sync tool.** Your originals are protected by default. The agent works on an isolated copy and changes only land when you say so. (Live mounts are available via `:rw` mode for those who want them.)\n\n## Install\n\n### Using `go install`\n\n```bash\n# Latest release\ngo install github.com/kstenerud/yoloai/cmd/yoloai@latest\n\n# Latest development version (beta)\ngo install github.com/kstenerud/yoloai/cmd/yoloai@main\n```\n\nRequires Go 1.24+. The binary is placed in `$GOPATH/bin` (typically `~/go/bin`).\n\n### From source\n\n```bash\ngit clone https://github.com/kstenerud/yoloai.git\ncd yoloai\nmake build\nsudo mv yoloai /usr/local/bin/ # or add to PATH\n```\n\nSingle Go binary, no runtime dependencies beyond your chosen backend. On first run, yoloAI builds its base image (~2 min) and creates `~/.yoloai/`.\n\n## One-Shot workflow\n\n### Non-Interactive\n\n```bash\n# Authenticate (yoloAI picks up existing credentials automatically)\nexport ANTHROPIC_API_KEY=sk-ant-... # Claude Code\nexport GEMINI_API_KEY=... # Gemini CLI\n# Or just let it pick up your already authenticated session\n\n# 1. Spin up a sandbox. Agent starts working immediately when you supply a prompt here\nyoloai new fix-bug ./my-project --prompt \"fix the failing tests\"\n\n# 2. See what the agent changed\nyoloai diff fix-bug\n\n# 3. Apply the good parts to your real project\nyoloai apply fix-bug\n\n# 4. Toss the container\nyoloai destroy fix-bug\n```\n\n### Interactive\n\n```bash\nyoloai new exploration ./my-project -a\n# You're inside the agent, running in tmux in the sandbox.\n# Ctrl-B, D to detach.\n# yoloai attach exploration to reconnect.\n```\n\n## Iterative workflow\n\nFor longer tasks, work in a commit-by-commit loop. Keep two terminals open — one for yoloAI, one for your normal shell.\n\n```\n┌─ YOLO shell ──────────────────────┬─ Outer shell ─────────────────────┐\n│ │ │\n│ yoloai new myproject . -a │ │\n│ │ │\n│ # Tell the agent what to do, │ │\n│ # have it commit when done. │ │\n│ │ yoloai apply myproject │\n│ │ # Review and accept the commits. │\n│ │ │\n│ # ... next task, next commit ... │ │\n│ │ yoloai apply myproject │\n│ │ │\n│ │ # When you have a good set of │\n│ │ # commits, push: │\n│ │ git push │\n│ │ │\n│ │ # Done? Tear it down: │\n│ │ yoloai destroy myproject │\n└───────────────────────────────────┴───────────────────────────────────┘\n```\n\nThe agent works on an isolated copy, so you can keep iterating without risk. Each `apply` patches the real project with only the new commits since the last apply.\n\n## Supported Infrastructure\n\n### Sandbox Backends\n\n| Backend | Supported Hosts | Dependencies |\n|----------|------------------------------|--------------------------------------------------------------------|\n| docker | Linux, macOS, Windows (WSL2) | [Docker Engine](https://docs.docker.com/engine/install/) or [Docker Desktop](https://docs.docker.com/get-docker/) |\n| podman | Linux, macOS | [Podman](https://podman.io/get-started) (`brew install podman` on macOS) |\n| tart | macOS (Apple Silicon) | [Tart](https://github.com/cirruslabs/tart) (`brew install cirruslabs/cli/tart`) |\n| seatbelt | macOS (any) | None (uses built-in `sandbox-exec`) |\n\n### Security Modes (Docker/Podman)\n\nOptionally upgrade the OCI runtime for stronger isolation on container backends:\n\n| Mode | Description |\n|------|-------------|\n| `standard` | Default `runc` — standard Linux namespaces and cgroups |\n| `gvisor` | Userspace kernel (gVisor/runsc) — syscall interception, no KVM needed |\n| `kata` | Kata Containers (VM-based) — hardware VM isolation (experimental) |\n| `kata-firecracker` | Kata + Firecracker microVM — lightweight VM isolation (experimental) |\n\n```bash\n# Use gVisor for all new sandboxes\nyoloai config set security gvisor\n\n# Or per sandbox\nyoloai new task . --security gvisor\n```\n\n`kata` and `kata-firecracker` are experimental and require Kata Containers to be installed.\n\n### Agent Modes\n\n| Mode | Description |\n|------------|-------------|\n| `claude` | Runs [Claude Code](https://github.com/anthropics/claude-code) via API key or subscription credentials (default) |\n| `codex` | Runs [Codex](https://github.com/openai/codex) via API key or subscription credentials |\n| `gemini` | Runs [Gemini](https://github.com/google-gemini) via API key or subscription credentials |\n| `aider` | Runs [Aider](https://github.com/Aider-AI/aider) (your config is copied in) |\n| `opencode` | Runs [OpenCode](https://github.com/anomalyco/opencode) (your config is copied in) |\n| `shell` | Runs a tmux shell with all agents credentials seeded |\n| `idle` | Runs an idle process to allow MCP proxying |\n\nUse `yoloai system agents` to list available agents.\n\n## Learn more\n\n- **[Usage Guide](docs/GUIDE.md)** — commands, flags, workdir modes, configuration, security\n- **[Roadmap](docs/ROADMAP.md)** — upcoming features\n- **[Architecture](docs/dev/ARCHITECTURE.md)** — code navigation for contributors\n\nEarly access. Core workflow works, rough edges expected. [Feedback welcome.](https://github.com/kstenerud/yoloai/issues)\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkstenerud%2Fyoloai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkstenerud%2Fyoloai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkstenerud%2Fyoloai/lists"}