{"id":32329900,"url":"https://github.com/strongdm/leash","last_synced_at":"2026-03-12T01:39:20.318Z","repository":{"id":320109019,"uuid":"1080656849","full_name":"strongdm/leash","owner":"strongdm","description":"Leash by StrongDM - take your AI agents for a walk","archived":false,"fork":false,"pushed_at":"2026-01-29T01:49:13.000Z","size":949,"stargazers_count":289,"open_issues_count":2,"forks_count":14,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-01-29T14:18:17.457Z","etag":null,"topics":["agentic","ai","claude-code","codex-cli","container","sandbox","security"],"latest_commit_sha":null,"homepage":"https://leash.strongdm.ai/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/strongdm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-21T17:18:26.000Z","updated_at":"2026-01-28T04:59:41.000Z","dependencies_parsed_at":"2025-10-22T02:33:04.629Z","dependency_job_id":"dc799d3b-72ed-4fa3-82bd-b3515f36bfb6","html_url":"https://github.com/strongdm/leash","commit_stats":null,"previous_names":["strongdm/leash"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/strongdm/leash","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongdm%2Fleash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongdm%2Fleash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongdm%2Fleash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongdm%2Fleash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/strongdm","download_url":"https://codeload.github.com/strongdm/leash/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongdm%2Fleash/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30412090,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T00:40:14.898Z","status":"ssl_error","status_checked_at":"2026-03-12T00:40:08.439Z","response_time":84,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic","ai","claude-code","codex-cli","container","sandbox","security"],"created_at":"2025-10-23T18:20:06.844Z","updated_at":"2026-03-12T01:39:20.307Z","avatar_url":"https://github.com/strongdm.png","language":"Go","readme":"# [Leash](https://leash.strongdm.ai/)\n[![Tests](https://github.com/strongdm/leash/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/strongdm/leash/actions/workflows/tests.yml)\n\nLeash wraps AI coding agents in containers and monitors their activity. You define policies in [Cedar](https://docs.cedarpolicy.com/); Leash enforces them instantly.\n\n![Leash demo](https://leash.strongdm.ai/media/leash-clip.gif)\n\n## Requirements\n\n- Docker, Podman, or [OrbStack](https://orbstack.dev/)\n- macOS or Linux (WSL, too!)\n\n## Installation\n\nRecommended method is via npm:\n\n```bash\nnpm install -g @strongdm/leash\n```\n\nAlternative ways follow:\n\nDownload the latest pre-built release binary from the [releases](https://github.com/strongdm/leash/releases) page.\n\nor if you're on macOS:\n\n```bash\nbrew tap strongdm/tap\nbrew install --cask leash-app\n```\n\n**macOS Note 1:** This installs a helper app that enables experimental native mode on macOS and also installs the leash formula.\n\n**macOS Note 2:** If you download Leash from the releases page, you'll need to run `xattr -d com.apple.quarantine leash` after extracting it\n\nRefer to [MACOS.md](docs/MACOS.md) to learn more about the additional native macOS capabilities.\n\n### Run your first Leash command\n\n```bash\n# Launch codex with the Control UI and pop open the web browser automatically\nleash --open claude\n\nleash --open codex\n\n# Inspect available options\nleash --help\n```\n\nAI agents `claude`, `codex`, `gemini`, `qwen`, and `opencode` are shipped in the default `coder` image.\n\nOn first use Leash will prompt to mount the host's coder-agent config directory (for example `~/.claude`) into the container.\n\nChoose whether to remember that decision globally, for the current project, or just this once; persistent choices are stored at `~/.config/leash/config.toml`.\n\n## Key Concepts\n\n- **Full monitoring** captures every filesystem access and network connection initiated by the agent so Cedar policies and audit trails operate on complete telemetry.\n\n- **Agent container** runs your command with the current directory bind-mounted, so tools see the same file tree they would on the host.\n- **Leash container** monitors system calls, applies Cedar policies, and exposes the Control UI at http://localhost:18080 (use `--open` to launch it automatically).\n- **Mount prompts** remember whether to forward host agent credentials (see [CONFIG.md](docs/CONFIG.md)).\n- **Environment forwarding** maps common API keys automatically: `ANTHROPIC_API_KEY` for `claude`, `OPENAI_API_KEY` for `codex`, `GEMINI_API_KEY` for `gemini`, and `DASHSCOPE_API_KEY` for `qwen`.\n\n## MCP Integration\n\nLeash includes a Model Context Protocol (MCP) observer that inspects, records, and enforces MCP tool calls made by the agent. Requests flowing through supported MCP transports are correlated with filesystem and network telemetry, enabling Cedar policies to govern tool use alongside core runtime activity.\n\n## Using Leash\n\n### Images and Dependencies\n\n- Keep the default `public.ecr.aws/s5i7k8t3/strongdm/coder` image for a ready-to-run AI tooling environment.\n- Extend [Dockerfile.coder](Dockerfile.coder) with project packages, then point Leash at the new image.\n- Reuse an existing project image by adding `ca-certificates` and configuring Leash to launch it.\n\nConfigure alternative images through TOML, CLI flags, or environment variables:\n\n```toml\n[leash]\ncodex = true\n\n[projects.\"/absolute/path/to/project\"]\ntarget_image = \"ghcr.io/example/dev:latest\"\n\n[projects.\"/absolute/path/to/project\".volumes]\n\"~/devtools\" = \"/workspace/devtools:rw\"\n```\n\n| Configure               | Use                                     | Notes                                                 |\n|-------------------------|-----------------------------------------|-------------------------------------------------------|\n| Target image            | `target_image` in `config.toml`,        | Defaults to `public.ecr.aws/s5i7k8t3/strongdm/coder`. |\n|                         | `LEASH_TARGET_IMAGE`, or `--image` flag |                                                       |\n| Target container base   | `TARGET_CONTAINER`                      | Auto-sanitized from the current directory when unset. |\n| Leash manager image     | `--leash-image`, `LEASH_IMAGE`          | Override when testing custom manager builds.          |\n| Cedar policy file       | `--policy`, `LEASH_POLICY_FILE`         | Mount a specific Cedar policy.                        |\n| Control UI bind address | `--listen`, `LEASH_LISTEN`              | Blank value binds to default 127.0.0.1:18080          |\n| Extra bind mount        | `-v src:dst[:ro]`                       | Repeatable for multiple mounts.                       |\n| Environment variables   | `-e KEY=value`                          | Forwarded into both containers.                       |\n\nRun `./bin/leash --help` for a complete list of flags and environment variables.\n\nSee [CONFIG.md](docs/CONFIG.md) and [CUSTOM-DOCKER-IMAGES.md](docs/CUSTOM-DOCKER-IMAGES.md) for more information.\n\n### Manual Volumes and Environment Variables\n\nChoose your own project-specific mounts and set additional environment variables as needed:\n\n```bash\nleash -v ~/.myconfig:/root/.myconfig claude bash\nleash -e MY_VAR=value codex bash\n```\n\n## Deep Dives\n\nDive deeper with [CEDAR.md](docs/design/CEDAR.md) for ready-to-adapt snippets.\n\n- Telemetry details live in [TELEMETRY.md](docs/TELEMETRY.md).\n\n## Troubleshooting \u0026 Next Steps\n\n- Reset mount decisions or inspect config behavior with the tips in [CONFIG.md](docs/CONFIG.md#L1).\n- Explore the development process in [DEVELOPMENT.md](docs/DEVELOPMENT.md) and [CONTRIBUTORS.md](CONTRIBUTORS.md).\n","funding_links":[],"categories":["Defense \u0026 Security Controls","Go","Workflow Infrastructure \u0026 Design","Sandboxing \u0026 Isolation"],"sub_categories":["Agent Runtime Security \u0026 Sandboxing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrongdm%2Fleash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstrongdm%2Fleash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrongdm%2Fleash/lists"}