softwaremill

A Docker & dev container setup for securely running AI agents in `--dangerous` mode. All container traffic is routed through a transparent mitmproxy, enforcing network access rules and injecting secrets.

92
2
100% credibility
Found Feb 12, 2026 at 55 stars
AI Analysis
Language: Python
AI Summary

Sandcat creates a protected coding environment in which AI agents run under strict network controls, with real secrets swapped in at the proxy so the agent never sees them.

How It Works

1. 📰 Discover Sandcat

You hear about Sandcat, a safety kit for running AI agents in your coding workspace with controlled network access.

2. 📁 Add to your project

Add the kit to your project's dev container setup folder (as a git submodule) so it's ready whenever you work.

3. 🔒 Set your safety rules

Pick which hosts and request types your code may reach, and register placeholder secrets that the proxy swaps for the real credentials.

4. 🚀 Launch your safe space

Open your project in your editor, and the protected workspace starts with every connection routed through the proxy.

5. 🤖 Run your AI experiments

Start your AI agents or code; they work normally while staying inside the network boundaries you set.

6. 👀 Watch the connections

Use the traffic inspection UI to see exactly which network requests are being made.

7. 🎉 Code securely forever

Build with AI confidently, knowing your secrets and network access are protected from exfiltration and unwanted connections.

AI-Generated Review

What is sandcat?

Sandcat turns your GitHub dev containers into a secure sandbox for AI agents or risky code, routing all HTTP/S, DNS, and TCP/UDP traffic through a transparent mitmproxy over WireGuard. It enforces network rules (for example, allowing only GET requests or specific hosts) and swaps placeholder secrets for real API keys at the proxy, so the dev container itself, whether opened in VS Code or IntelliJ, never sees the sensitive values. Built with Python scripts and Docker Compose, it slots into existing Docker Compose dev container setups by adding it as a git submodule.

Why is it gaining traction?

Unlike CLI tools like Matchlock or proxy environment-variable hacks in agent-sandbox, sandcat delivers zero-config transparency in GitHub dev containers: no per-tool proxy settings, just network_mode: service:wg-client in your compose.yml. Developers like the mitmweb UI for live traffic inspection, the kill-switch firewall, automatic CA trust for Node/Rust tools, and leak detection that blocks secret exfiltration. It's a drop-in for agent tooling such as GitHub Copilot or Claude Code without manual per-tool proxy configuration.

Who should use this?

AI developers sandboxing GitHub Copilot agents or Claude Code in a Visual Studio Code dev container, and security-focused teams running untrusted scripts in a GitHub dev environment. It also suits frontend and backend developers who test against real APIs but want POST requests locked down, and ops teams enforcing network policies in Docker-based dev container setups.

Verdict

Try sandcat if you're building secure GitHub dev containers. Docs and tests are solid for a 45-star project, but its 1.0% credibility score flags early-stage risks such as edge-case WireGuard quirks. Add it as a submodule for quick wins, but monitor the project for production hardening.
