dredozubov

dredozubov / hazmat

Public

macOS containment for AI agents — user isolation, kernel sandbox, pf firewall, DNS blocklist, backup/rollback. TLA+ verified.

ai-agents claude-code cli containment developer-tools
23
0
100% credibility
Found Apr 08, 2026 at 23 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

Hazmat creates a secure, isolated environment on macOS for running AI coding agents with automatic backups, firewalls, and permission controls to enable safe full autonomy.

How It Works

1
😟 Worry about AI helpers

You want AI coding assistants to work freely but fear they might access your private files or credentials.

2
🔍 Discover Hazmat

You learn about Hazmat, a safety tool that lets AI helpers work fully but locked in a secure space on your Mac.

3
📥 Install quickly

Run one simple command to add Hazmat to your Mac.

4
🛡️ Create safe space

Hazmat sets up a protected area with backups, walls against sneaky escapes, and clear rules for what the AI can touch.

5
👀 Preview rules

Check exactly what your AI helper can see and change before starting.

6
🚀 Launch helper

Start your AI coding assistant inside the safe space with full power but zero risk.

🎉 Code worry-free

Enjoy fast AI help on your projects, with easy undo if anything goes wrong.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 23 to 23 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is hazmat?

Hazmat is a Go-based macOS tool that sandboxes AI coding agents like Claude Code or OpenCode in a dedicated user account with kernel-level seatbelt restrictions, pf firewall rules blocking exfiltration protocols, DNS blocklists for C2 services, and automatic pre-session backups with rollback. It solves the core risk of granting agents full autonomy—your SSH GitHub keys, AWS creds, and files stay structurally isolated—while letting you run `hazmat claude` for seamless, prompt-free sessions. Think hazmat suit deutsch for agents: full protection without slowing your macOS GitHub CLI or SSH workflow.

Why is it gaining traction?

Unlike basic sandboxes or Docker, hazmat layers user isolation, supply-chain hardening (npm ignore-scripts by default), and TLA+ verified state machines for setup/rollback equivalence, defending against real CVEs like Claude's config RCE or axios postinstall RATs. Developers hook on the one-command contract previews (`hazmat explain`) and agent-agnostic exec for custom loops, plus integrations for node, go, rust stacks that auto-tune read-only toolchains without widening access.

Who should use this?

MacOS devs running AI agents for code gen/refactor who hit permission walls or fear escapes—especially Claude Code users eyeing `--dangerously-skip-permissions`, GitHub runners needing safe SSH, or teams building hazmat team protocols around autonomous agents. Ideal for solo prototyper to enterprise macOS GitHub desktop setups tired of half-measures.

Verdict

Grab it if you're on macOS with AI agents—early promise with TLA+ proofs and thorough docs outweighs 23 stars and 1.0% credibility score. Production-ready for personal use; watch for Linux port and broader adoption.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.