nkzw-tech

nkzw-tech / cloudsail

Public

Self-hosted instant sandboxes for coding agents on Cloudflare.

18
0
89% credibility
Found May 22, 2026 at 18 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
TypeScript
AI Summary

Cloudsail is a self-hosted service that creates isolated remote development environments (called sandboxes) on Cloudflare's infrastructure. It lets developers give AI coding assistants like Codex or OpenCode their own secure, temporary computer that stays completely separate from the user's local machine. The service keeps sensitive credentials like GitHub tokens and API keys locked away in a secure layer, while still allowing the AI to read and write code, run tests, and interact with external services. Users manage everything through a simple command-line tool that handles creating sandboxes, opening interactive shells, running AI agents, starting web servers for testing, and pushing code back to GitHub. Sandboxes automatically shut down after being idle to save money, and users can add custom websites they want the AI to access for research.

How It Works

1
💡 You discover Cloudsail

You hear about a tool that gives your AI coding assistant its own remote computer, completely separate from your laptop.

2
📦 You install the tool

You download and install the Cloudsail command-line tool with a single command.

3
🔌 You connect your cloud account

You link your Cloudflare account and the tool automatically sets up everything needed to run remote computers.

4
🚀 You create your first sandbox

With one command, a brand new isolated computer appears, ready for your AI assistant to use.

5
You start working
⌨️
Open a shell

You type commands directly in the remote computer, watching everything happen in real-time.

🤖
Ask the AI to work

You tell the AI assistant what to build, and it writes code, runs tests, and reports back.

6
🌐 You test your web app

You start a dev server and share a preview link with teammates, or open it yourself to see how it looks.

🎉 Your work is complete

You commit your changes, push to GitHub, and create a pull request without leaving the sandbox.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 18 to 18 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is cloudsail?

Cloudsail is a self-hosted sandbox service that gives coding agents like Codex and OpenCode a safe place to run. It runs on Cloudflare Workers and Durable Objects, letting you spin up isolated remote computers through a local CLI. You create a sandbox with `cs create`, open a shell with `cs shell`, and run commands as if you were on a local machine. The service handles credential injection at the edge, so your GitHub tokens and API keys never actually enter the sandboxed environment.

Why is it gaining traction?

The security model is the hook. Cloudsail keeps credentials in the Worker layer and injects them only when making outbound requests to approved hosts like GitHub or OpenAI. The container gets a harmless placeholder instead, so even a compromised sandbox cannot exfiltrate your secrets. Combined with controlled egress and short-lived terminal tickets, this is a genuinely thoughtful approach to multi-tenant agent safety. The GitHub integration also stands out: `cs gh` seeds a sandbox from a repo or PR URL, and helpers like `cs diff`, `cs commit`, and `cs pr` wrap common workflows.

Who should use this?

Teams running coding agents in shared or production environments who need credential isolation. Individual developers who want to offload heavy tasks like test runs, package installs, or Codex sessions to cloud resources without leaving their local workflow. Organizations already on Cloudflare who want a self-hosted alternative to cloud-based development environments.

Verdict

Cloudsail solves a real problem with a clean architecture, but it is early stage with only 18 stars and alpha labeling. The credibility score of 0.8999999761581421% reflects this maturity gap. If you need credential-safe agent sandboxes today and are comfortable with bleeding-edge tooling, this is worth evaluating. Watch for stability improvements before committing to mission-critical workloads.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.