# Alcatraz
Run code agents unrestricted, but fearlessly.
AI code agents like Claude Code, Codex, and Gemini CLI are most powerful when you remove the guardrails. But unrestricted agents can read your secrets, delete files, or make network calls you didn’t expect.
Alcatraz wraps your agent in a configurable container with file and network isolation. Your agent gets full access inside the sandbox. Your system stays safe outside it.
## Why Alcatraz?
- Full agent freedom — No permission prompts. No guardrails. Maximum productivity inside the container.
- Network on lockdown — Zero LAN access by default. Kernel-level nftables firewall.
- File isolation — Mount only what you choose. Hide secrets with exclude patterns.
- Selective file mounting — `workdir_exclude` and per-mount `exclude` patterns hide secrets and sensitive files from the container, powered by Mutagen sync.
- Zero-config startup — `alca init && alca up` gets you running.
- Auto-detect runtime — Chooses Docker, OrbStack, or Podman automatically.
- Nix/Flake integration — Automatically activates `nix develop` environments.
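To make the exclude-pattern idea concrete, here is an added Python example (not Alcatraz's or Mutagen's own code) that audits a file listing against an exclude list in the style of `workdir_exclude` / per-mount `exclude`, reports what would stay hidden from the container, and flags credential-looking files the list still leaves visible to the agent. The glob semantics (gitignore-style), the secret-name heuristics, the sample tree and the sample exclude list are all assumptions constructed for the example; Mutagen's real ignore syntax may differ.

```python
"""Audit which files an exclude list would hide from a sandboxed agent.

Added example, not Alcatraz's own code. It models the idea behind
workdir_exclude / per-mount exclude patterns: a file that matches never
reaches the container. Real matching is done by Mutagen, whose ignore
syntax may differ; the semantics assumed here are gitignore-like:
  * `*` and `?` do not cross `/`, `**` does
  * a pattern containing `/` is anchored at the mount root (leading `/` optional)
  * a pattern without `/` matches a basename at any depth
  * a trailing `/` restricts the pattern to directories
  * a matched directory hides everything beneath it
"""
from __future__ import annotations

import re

# Constructed heuristic list of names that usually hold credentials; used to
# flag files that an exclude list still leaves visible to the agent.
SECRET_LIKE = [".env", ".env.*", "*.pem", "*.key", "id_rsa", "id_ed25519", "*.p12"]


def glob_to_regex(pattern: str) -> re.Pattern[str]:
    """Compile one exclude pattern into a regex over POSIX-style relative paths."""
    dir_only = pattern.endswith("/")
    anchored = "/" in pattern.rstrip("/")   # decide before stripping the leading `/`
    pattern = pattern.strip("/")
    body = ""
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            body += ".*"            # `**` may span directory separators
            i += 2
            continue
        ch = pattern[i]
        if ch == "*":
            body += "[^/]*"         # `*` stays within one path component
        elif ch == "?":
            body += "[^/]"
        else:
            body += re.escape(ch)
        i += 1
    prefix = "" if anchored else r"(?:.*/)?"
    # A directory-only pattern must be followed by content (we list files only);
    # any other match also swallows the subtree below the matched component.
    suffix = r"/.*" if dir_only else r"(?:/.*)?"
    return re.compile(f"^{prefix}{body}{suffix}$")


def matches_any(path: str, patterns: list[str]) -> bool:
    """True if `path` (relative to the mount root) matches at least one pattern."""
    return any(glob_to_regex(p).match(path) for p in patterns)


def partition(files: list[str], excludes: list[str]) -> tuple[list[str], list[str]]:
    """Split a file listing into (visible_in_container, hidden_from_container)."""
    visible = [f for f in files if not matches_any(f, excludes)]
    return visible, [f for f in files if f not in visible]


def find_leaks(files: list[str], excludes: list[str]) -> list[str]:
    """Visible files whose names look like credentials: candidates for the exclude list."""
    visible, _ = partition(files, excludes)
    return [f for f in visible if matches_any(f, SECRET_LIKE)]


# Constructed sample: a project tree as the agent would see it without excludes.
SAMPLE_FILES = [
    ".env",
    ".envrc",
    "config/.env",
    "README.md",
    "src/main.go",
    "src/build/gen.go",
    "build/app",
    "certs/server.pem",
    "secrets/api.json",
    "secrets/nested/key.txt",
    "node_modules/pkg/index.js",
    "deploy/id_rsa",
]

# Constructed exclude list in the style of workdir_exclude / per-mount exclude.
SAMPLE_EXCLUDES = [".env", "*.pem", "/build/", "secrets/**", "node_modules/"]

if __name__ == "__main__":
    visible, hidden_files = partition(SAMPLE_FILES, SAMPLE_EXCLUDES)
    print("hidden from container:", hidden_files)
    print("visible to agent:", visible)
    print("still visible but secret-like:", find_leaks(SAMPLE_FILES, SAMPLE_EXCLUDES))
```

Running it shows the anchored `/build/` hiding `build/app` but not `src/build/gen.go`, and `find_leaks` pointing at `deploy/id_rsa` as a file the sample exclude list forgot. Feed it the real file list of a workdir (for example from `git ls-files`) and your own exclude list to review what the agent will be able to read before starting the container.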
## Quick Start
```bash
# Install (see Quickstart for all options: Go, Nix, mise)
brew tap bolasblack/alcatraz https://github.com/bolasblack/alcatraz
brew install alca

# Initialize in your project
cd my-project
alca init

# Start container and run commands
alca up
alca run make build
```

See the Quickstart guide for all installation methods and detailed setup instructions.
## Documentation

### Quickstart

Get started in under 5 minutes. Installation, basic commands, and your first container.

### Configuration

Complete `.alca.toml` reference. Images, mounts, commands, and resource limits.

### Network

Network isolation and LAN access. Platform-specific firewall setup and troubleshooting.

### Sync Conflicts

Detect and resolve file sync conflicts when using selective file mounting.