This self-hosted platform enables secure execution of AI coding agents like Claude Code, Codex, and Hermes within isolated Kubernetes sandboxes. It addresses the challenge of running powerful agents without exposing sensitive credentials, offering a secure vault proxy system. The platform benefits developers and researchers by providing a robust, auditable environment for AI-driven code generation accessible via CLI, web UI, or API.

How It Works

The core architecture leverages Kubernetes and a custom agent-sandbox CRD to provision isolated pods for each agent session. A key innovation is the credential vault proxy, which injects real API keys only when outbound connections are made, ensuring agents never directly access sensitive information. This approach allows agents to operate with necessary permissions securely. Sessions are managed via WebSocket, allowing local terminal attachment, and remain active for up to 24 hours after detachment.

Quick Start & Requirements

• CLI Install: Clone the repository, navigate to cli, run npm install, and symlink the binary: ln -sf "$PWD/bin/lap.mjs" ~/.local/bin/lap. Log in using lap login and start an agent with lap <agent-name>.
• Self-hosting Prerequisites: Docker Desktop, kind, kubectl, helm, and a LiteLLM gateway URL.
• Self-hosting Steps: Execute bin/kind-up.sh to provision a kind cluster and install the agent sandbox controller. Then, run docker compose up to start the Postgres database, web UI (accessible at localhost:3000), and worker services.
• Documentation: General docs: docs.litellm-agent-platform.ai; CLI: docs/lap-cli.md; Kubernetes backend: docs/k8s-backend.md.

Highlighted Details

• Supports multiple agent harnesses including Claude Code, Codex, and Hermes, with dedicated quickstart guides.
• Provides a Developer API for programmatic agent interaction (create agent, open session, send message, read reply).
• Recommended production deployment involves AWS EKS for the sandbox cluster and Render for the web and worker services.
• Local development utilizes kind for Kubernetes simulation.

Maintenance & Community

No specific details regarding maintainers, community channels (e.g., Discord, Slack), or roadmap were present in the provided README snippet.

Licensing & Compatibility

The project is licensed under the MIT license. This permissive license generally allows for commercial use and integration into closed-source projects without significant restrictions.

Limitations & Caveats

Self-hosting requires a Kubernetes environment (local or cloud) and familiarity with tools like kind, kubectl, and helm. A LiteLLM gateway URL is a mandatory prerequisite for operation. The platform's reliance on specific Kubernetes CRDs and infrastructure components may present a steeper learning curve for users unfamiliar with these technologies.