aide

Stop babysitting your agent.

One command. Any agent. Sandboxed, reproducible, zero decision fatigue.

You planned the work. You know what needs to happen. But instead of letting your agent execute, you're stuck evaluating every file read, every shell command, every network call. That's not autonomy — that's babysitting with extra steps.

aide fixes three things:

Sandbox — stop choosing between scary and exhausting

Without aide, you either skip all permissions and hope for the best:

claude --dangerously-skip-permissions  # what could go wrong?

Or you click "allow" on every. single. action. File read? Allow. Shell command? Allow. Network call? Allow. Two hundred times a session.

With aide, the agent runs inside OS-native guardrails — no config, no prompts:

aide    # agent launches sandboxed automatically

🔧 aide · work (claude)
   📁 github.com/acme/api
   🛡 sandbox: network outbound, code-only

Code-only mode. Your agent can read your code, run tests, hit the network — but it physically cannot touch your SSH keys, cloud credentials, or browser data. 10 guards active by default, zero configuration.

Ready to deploy? Tell aide what you're doing:

aide --with docker          # build and push images
aide --with docker k8s      # deploy to your cluster
aide --with docker k8s gcp  # debug cloud infra too

🔧 aide · work (claude)
   📁 github.com/acme/api
   🛡 sandbox: network outbound
      ✓ docker     ~/.docker/config.json
      ✓ k8s        ~/.kube/config (KUBECONFIG)
      ✓ gcp        ~/.config/gcloud

      ⚠ credentials exposed: GOOGLE_APPLICATION_CREDENTIALS

Each capability unlocks exactly what the agent needs — nothing more. Docker gets registry creds. Kubernetes gets kubeconfig. GCP gets gcloud auth. Everything else stays locked.

Protect what matters:

aide cap never-allow ~/.kube/prod-config
aide cap never-allow --env PRODUCTION_DB_PASSWORD

Now no capability — not even k8s — can ever read your production kubeconfig. The agent sees your dev and staging clusters but production is a hard wall:

🔧 aide · work (claude)
   🛡 sandbox: network outbound
      ✓ k8s        ~/.kube/dev-config, ~/.kube/staging-config
      ✗ denied     ~/.kube/prod-config (never-allow)

Make it permanent for a project:

# .aide.yaml in your repo root
capabilities: [docker, k8s, gcp]

No flags needed next time — aide picks up the capabilities from your config.

The first time aide encounters a .aide.yaml, it shows the contents and asks you to trust it:

aide trust    # approve the project config
aide deny     # block it permanently

Create your own:

aide cap create k8s-dev --extends k8s --deny ~/.kube/prod-config
aide --with k8s-dev docker    # dev clusters only, production blocked

19 built-in capabilities: aws, gcp, azure, docker, k8s, helm, terraform, vault, ssh, npm, go, rust, python, ruby, java, github, gpg, and more. Or define your own.

Unified UX — one command, any agent

Without aide, every agent is its own world:

claude                                          # Anthropic API key
CLAUDE_CODE_USE_BEDROCK=1 AWS_PROFILE=work claude  # or Bedrock?
codex --provider anthropic                      # different CLI entirely
aider --model claude-3.5-sonnet                 # yet another interface

Different CLIs. Different config formats. Different env vars. Switch agents, rewire everything.

With aide, you configure once and forget:

cd ~/work/project && aide    # Claude with work Bedrock credentials
cd ~/oss/repo && aide        # Aider with personal Anthropic key
cd ~/scratch && aide         # auto-detects agent on PATH, zero config

Same command everywhere. aide resolves the right agent, credentials, and sandbox from your project directory.

Reproducibility — secrets that don't leak

Without aide:

# The classic footgun
echo 'ANTHROPIC_API_KEY=sk-ant-...' >> .env
git add -A && git commit -m "update config"  # oops

API keys in .env files. Wrapper scripts with hardcoded tokens. A new machine means an hour of setup.

With aide, secrets are encrypted at rest and never exist as plaintext on disk:

aide secrets create personal --age-key age1abc...   # encrypted with your key

Config and encrypted secrets live in git. Clone your config on a new machine and you're done. No shared secrets, no plaintext on disk.

Quick Start

# Install latest release (macOS)
curl -sSfL https://raw.githubusercontent.com/jskswamy/aide/main/install.sh | sh

# Install to a specific directory
curl -sSfL https://raw.githubusercontent.com/jskswamy/aide/main/install.sh | INSTALL_DIR=/usr/local/bin sudo sh

# Install a specific version
curl -sSfL https://raw.githubusercontent.com/jskswamy/aide/main/install.sh | VERSION=v0.1.0 sh

aide

Stop babysitting your agent.

One command. Any agent. Sandboxed, reproducible, zero decision fatigue.

aide fixes three things:

Sandbox — stop choosing between scary and exhausting

Without aide, you either skip all permissions and hope for the best:

claude --dangerously-skip-permissions  # what could go wrong?

Or you click "allow" on every. single. action. File read? Allow. Shell command? Allow. Network call? Allow. Two hundred times a session.

With aide, the agent runs inside OS-native guardrails — no config, no prompts:

aide    # agent launches sandboxed automatically

🔧 aide · work (claude)
   📁 github.com/acme/api
   🛡 sandbox: network outbound, code-only

Ready to deploy? Tell aide what you're doing:

aide --with docker          # build and push images
aide --with docker k8s      # deploy to your cluster
aide --with docker k8s gcp  # debug cloud infra too

🔧 aide · work (claude)
   📁 github.com/acme/api
   🛡 sandbox: network outbound
      ✓ docker     ~/.docker/config.json
      ✓ k8s        ~/.kube/config (KUBECONFIG)
      ✓ gcp        ~/.config/gcloud

      ⚠ credentials exposed: GOOGLE_APPLICATION_CREDENTIALS

Each capability unlocks exactly what the agent needs — nothing more. Docker gets registry creds. Kubernetes gets kubeconfig. GCP gets gcloud auth. Everything else stays locked.

Protect what matters:

aide cap never-allow ~/.kube/prod-config
aide cap never-allow --env PRODUCTION_DB_PASSWORD

Now no capability — not even k8s — can ever read your production kubeconfig. The agent sees your dev and staging clusters but production is a hard wall:

🔧 aide · work (claude)
   🛡 sandbox: network outbound
      ✓ k8s        ~/.kube/dev-config, ~/.kube/staging-config
      ✗ denied     ~/.kube/prod-config (never-allow)

Make it permanent for a project:

# .aide.yaml in your repo root
capabilities: [docker, k8s, gcp]

No flags needed next time — aide picks up the capabilities from your config.

The first time aide encounters a .aide.yaml, it shows the contents and asks you to trust it:

aide trust    # approve the project config
aide deny     # block it permanently

Create your own:

aide cap create k8s-dev --extends k8s --deny ~/.kube/prod-config
aide --with k8s-dev docker    # dev clusters only, production blocked

19 built-in capabilities: aws, gcp, azure, docker, k8s, helm, terraform, vault, ssh, npm, go, rust, python, ruby, java, github, gpg, and more. Or define your own.

Unified UX — one command, any agent

Without aide, every agent is its own world:

claude                                          # Anthropic API key
CLAUDE_CODE_USE_BEDROCK=1 AWS_PROFILE=work claude  # or Bedrock?
codex --provider anthropic                      # different CLI entirely
aider --model claude-3.5-sonnet                 # yet another interface

Different CLIs. Different config formats. Different env vars. Switch agents, rewire everything.

With aide, you configure once and forget:

cd ~/work/project && aide    # Claude with work Bedrock credentials
cd ~/oss/repo && aide        # Aider with personal Anthropic key
cd ~/scratch && aide         # auto-detects agent on PATH, zero config

Same command everywhere. aide resolves the right agent, credentials, and sandbox from your project directory.

Reproducibility — secrets that don't leak

Without aide:

# The classic footgun
echo 'ANTHROPIC_API_KEY=sk-ant-...' >> .env
git add -A && git commit -m "update config"  # oops

API keys in .env files. Wrapper scripts with hardcoded tokens. A new machine means an hour of setup.

With aide, secrets are encrypted at rest and never exist as plaintext on disk:

aide secrets create personal --age-key age1abc...   # encrypted with your key

Config and encrypted secrets live in git. Clone your config on a new machine and you're done. No shared secrets, no plaintext on disk.

Quick Start

# Install latest release (macOS)
curl -sSfL https://raw.githubusercontent.com/jskswamy/aide/main/install.sh | sh

# Install to a specific directory
curl -sSfL https://raw.githubusercontent.com/jskswamy/aide/main/install.sh | INSTALL_DIR=/usr/local/bin sudo sh

# Install a specific version
curl -sSfL https://raw.githubusercontent.com/jskswamy/aide/main/install.sh | VERSION=v0.1.0 sh

Help us improve

Find plugins for your project

Help us improve

aide

Popularity

Health & Quality

Confidence

What's Inside

Help us improve

README

aide

Sandbox — stop choosing between scary and exhausting

Unified UX — one command, any agent

Reproducibility — secrets that don't leak

Quick Start

Similar Plugins

everything-claude-code

agents-quality-security

agent-orchestration

agent-context-manager

claude-token-reducer

cc-polymath

More by jskswamy

guardrails

sketch-note

typst-notes

jot

devenv

aide

Sandbox — stop choosing between scary and exhausting

Unified UX — one command, any agent

Reproducibility — secrets that don't leak

Quick Start