aienv

The permission and isolation layer for AI coding agents.

AI coding setups become chaotic fast. Different projects need different MCP servers, prompts, skills, model providers, API credentials, and tooling. Most developers manage this with copied config files, global installs, and README instructions — unreproducible, hard to share, and insecure.

aienv fixes this with project-scoped MCPs and skills, reproducible YAML configs, multi-agent support (OpenCode, Claude Code), and disposable Docker sandboxes.

Quick Start

go install github.com/kapilratnani/aienv@latest
aienv init
source ~/.zshrc

aienv create backend-api    # interactive: agent, MCPs, skills
aienv backend-api            # activate (local)
aienv --docker backend-api   # activate (Docker sandbox)

Permissions (Experimental)

Network and filesystem permission enforcement works to some extent — the schema and configuration wizard are in place, but runtime enforcement works for opencode.

permissions:
  filesystem:
    read:
      "*": "allow"
    edit:
      "*": "ask"
  bash:
    "*": "ask"
  network:
    allow: ["api.github.com"]
    deny: ["*"]

Existing features: aienv permissions <name> wizard, Docker network proxy (enforces allow/deny), OpenCode config translation for filesystem.read/edit and bash patterns.

Planned: Docker-level filesystem isolation, trust-system review prompt, Claude Code settings generation testing.

Contributing

MCPs

Add curated MCPs to curated/mcps.yaml following the existing schema. Include env[] metadata for any required environment variables.

Skills

Add curated skills to curated/skills.yaml with a description that helps the create-flow search match user intent.

New Agents

Agent support is pluggable via internal/agents/agent.go. Implement the Agent interface (Name(), GenerateFiles(), ActivateCommand()) and register via blank import in agent_import.go.

General

PRs, issues, and ideas welcome. Open a discussion for larger changes before submitting.

Roadmap

• Create flow with curated & registry search
• Docker sandbox isolation
• Starter prompts
• Claude Code support
• Config inheritance & Docker auth
• Docker write isolation (session-unique volumes)
• Claude Code config inheritance
• Default environment directory
• Repo-local .aienv.yaml + aienv up
• Permission policies & trust (test in progress on OpenCode)
• Agent expansion framework (Cursor, Copilot, etc.)
• Custom MCP/skill repositories
• Environment sharing & team features

---

Detailed docs: architecture, completed features, docker sandbox, trust & permissions, use cases, roadmap

MIT License