GrepGuard
Run AI agents in isolated cloud sandboxes from your terminal.
How it works
Install the CLI
npm install -g grepguardInstalls globally as a single executable.
Go to Account and create an API key
grepguard auth loginPaste your API key when prompted to link the CLI to your account.
Create a namespace
grepguard create namespace demoUse a project-style name so related agent runs stay grouped together.
Create a pod
grepguard create pod test --namespace demoPods are lightweight, disposable sandboxes that isolate your agents.
Run your agent
grepguard run test --agent opencode --prompt "hello" --namespace demoThe agent runs inside the pod you created. All file operations, code changes, and commands are confined to that sandbox.
Review the logs
grepguard logs test --agent opencode --namespace demoEvery action your agent took is recorded. Review the full logs to see what happened.
Explore all CLI commands in grepguard/clidocs.
Why GrepGuard
Isolated by default
Every run gets its own disposable cloud sandbox. Nothing your agent touches ever reaches your machine.
Built for agents, not scripts
Agents read and create files, install packages, and run shell commands you didn't ask for.
Sessions you can grep
Every sandbox leaves a structured log behind, so you can search back through exactly what an agent did.
Multiplayer by default
Every agent session is visible to your whole team. Watch runs live and inspect logs