Metadata-Version: 2.4
Name: bilrost
Version: 1.0.0
Summary: Hardened Lima VM for running AI agents — overlay isolation, network containment, secrets management, and gated sync.
Project-URL: Homepage, https://github.com/Peleke/openclaw-sandbox
Project-URL: Documentation, https://peleke.github.io/openclaw-sandbox/
Project-URL: Repository, https://github.com/Peleke/openclaw-sandbox
Project-URL: Issues, https://github.com/Peleke/openclaw-sandbox/issues
Project-URL: Changelog, https://github.com/Peleke/openclaw-sandbox/blob/main/CHANGELOG.md
Author: Peleke Sengstacke
License-Expression: MIT
License-File: LICENSE
Keywords: ai-agents,isolation,lima,sandbox,security,vm
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: MacOS
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Testing
Classifier: Topic :: System :: Emulators
Requires-Python: >=3.11
Requires-Dist: fastmcp<3,>=2
Requires-Dist: jinja2<4,>=3.1
Requires-Dist: pydantic<3,>=2
Requires-Dist: rich<14,>=13
Requires-Dist: tomli-w<2,>=1
Requires-Dist: tomli<3,>=2; python_version < '3.11'
Requires-Dist: typer<1,>=0.12
Provides-Extra: dev
Requires-Dist: pytest<9,>=8; extra == 'dev'
Requires-Dist: pyyaml<7,>=6; extra == 'dev'
Description-Content-Type: text/markdown

# bilrost

**Hardened Lima VM for running AI agents** — overlay isolation, network containment, secrets management, and gated sync.

## Install

```bash
# Via pipx (recommended)
pipx install bilrost

# Via uv
uv tool install bilrost

# Via pip
pip install bilrost
```

## Usage

```bash
# Interactive setup
bilrost init

# Provision the VM (~5 min first run)
bilrost up

# Check status
bilrost status

# SSH into the VM
bilrost ssh

# Sync overlay changes to host (with secret scanning)
bilrost sync

# Stop / destroy
bilrost down
bilrost destroy
```

## MCP Server

Agents can manage the sandbox programmatically via FastMCP:

```json
{
  "mcpServers": {
    "sandbox": {
      "command": "bilrost-mcp"
    }
  }
}
```

The server exposes 9 tools: `sandbox_status`, `sandbox_up`, `sandbox_down`, `sandbox_destroy`, `sandbox_exec`, `sandbox_validate`, `sandbox_ssh_info`, `sandbox_gateway_info`, `sandbox_agent_identity`.

## What It Does

- **OverlayFS isolation** — host code mounted read-only, all writes contained in VM overlay
- **Network containment** — UFW firewall with explicit allowlist (HTTPS, DNS, Tailscale, NTP only)
- **Secrets management** — three injection methods, `0600` perms, never in process lists
- **Gated sync** — gitleaks scanning + path allowlist before changes reach your host
- **Docker sandboxing** — per-session containers with configurable network isolation
- **12 Ansible roles** — overlay, secrets, gateway, docker, firewall, sync-gate, gh-cli, buildlog, cadence, qortex, tailscale, and more
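
An added illustration of the gated-sync idea above (not bilrost's own code): a fail-closed check that admits a changed file only if its path matches an allowlist and its contents match no secret pattern. The globs, the two regexes (a small stand-in for gitleaks), and the sample change set are assumptions constructed for this example.

```python
import fnmatch
import re
from pathlib import PurePosixPath

# Hypothetical policy for this example; bilrost's real allowlist and
# gitleaks rules are not shown on this page.
ALLOWED_GLOBS = ["src/*", "tests/*", "docs/*.md", "README.md"]
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def path_allowed(rel_path, globs=ALLOWED_GLOBS):
    """True only for a relative path without '..' that matches a glob.

    The '..' check must come first: fnmatch's '*' also matches '/', so
    'src/*' alone would accept 'src/../.ssh/authorized_keys'.
    """
    p = PurePosixPath(rel_path)
    if p.is_absolute() or ".." in p.parts:
        return False
    return any(fnmatch.fnmatchcase(str(p), g) for g in globs)

def gate(changes):
    """changes maps relative path -> file text.

    Returns (approved, rejected); rejected maps path -> reason.
    A caller should refuse the whole sync when rejected is non-empty.
    """
    approved, rejected = [], {}
    for rel_path, text in sorted(changes.items()):
        if not path_allowed(rel_path):
            rejected[rel_path] = "path not in allowlist"
            continue
        hits = [name for name, rx in SECRET_PATTERNS.items() if rx.search(text)]
        if hits:
            rejected[rel_path] = "secret pattern: " + ", ".join(hits)
            continue
        approved.append(rel_path)
    return approved, rejected

# Constructed change set, as an agent might leave it in the overlay.
SAMPLE = {
    "src/agent.py": "print('hello')\n",
    "src/../.ssh/authorized_keys": "ssh-ed25519 constructed-sample\n",
    ".github/workflows/ci.yml": "on: push\n",
    "tests/fixtures.py": "KEY = 'AKIAIOSFODNN7EXAMPLE'\n",
}

if __name__ == "__main__":
    print(gate(SAMPLE))
```
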

## Requirements

- macOS (Apple Silicon or Intel)
- [Homebrew](https://brew.sh/)
- ~10 GB disk space

Dependencies (Lima, Ansible, etc.) are installed automatically on first run.

## Documentation

Full docs: [peleke.github.io/openclaw-sandbox](https://peleke.github.io/openclaw-sandbox/)

## License

MIT
