Container wrapper for yoloing code agents safely.
curl -fsSL https://raw.githubusercontent.com/maurycy/aipod/main/install.sh | sh
git clone https://github.com/maurycy/aipod && cd aipod && ./aipod
Requires Podman - starts in ~1-5 minutes
Connect with Dev Containers - run Copilot and extensions safely isolated
Container isolation keeps your computer safe
Around 500 lines of POSIX shell - easy to audit and understand
Bring your own dotfiles with chezmoi - just set CHEZMOI_DOTFILES_REPO
Modern Python tooling through the uv package manager
Node.js v25 ready to go with nvm for version management
Complete set of libraries and CLI tools out of the box
One command to remove everything - aipod clean and start fresh
aipod
Builds the container image and drops you into a zsh shell with all tools ready.
Run aipod mount ~/projects/myapp to share directories with the container.
Run aipod run claude or aipod run codex from your project directory. Agents will work from inside the container.
Run aipod clean to remove everything and start fresh.
Configure the environment through aipod config - adjust username, hostname, dotfiles, and toolchains.
USERNAME=developer
HOSTNAME=aipod
CHEZMOI_DOTFILES_REPO= # eg: user/dotfiles
USE_RUST=true # including ripgrep
USE_NPM=true
USE_UV=true
USE_CLAUDE_CODE=true
USE_CODEX=true
USE_MISE=false
Podman runs rootless by default, providing better security isolation. It's also daemonless and compatible with Docker images.
Debian is stable, well-documented, and has excellent package availability. It's a boring choice - and that's exactly what you want for a dev environment.
Container isolation is not a security boundary in the same way a VM is. An agent with root inside the container could potentially escape via kernel exploits. That said, it's a significant barrier that stops accidental damage and most misbehavior. Don't run untrusted code expecting perfect isolation.
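Because the container is a barrier rather than a hard boundary, it helps to confirm that Podman really is rootless and that a directory passed to aipod mount is narrow. The following is an added example, not part of aipod; the function names and the list of credential directories are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: pre-flight checks to run on the host before `aipod mount`.
# podman_is_rootless and mount_is_narrow are hypothetical helpers, not aipod commands.

# Succeeds only if the local Podman reports that it is running rootless.
podman_is_rootless() {
    [ "$(podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null)" = "true" ]
}

# Succeeds only if $1 is an existing directory that is narrower than / or $HOME
# and has no credential directory at its top level.
mount_is_narrow() {
    # Resolve symlinks so the comparisons below work on real paths.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    home=$(cd "$HOME" 2>/dev/null && pwd -P) || return 1

    case "$dir" in
        /|"$home") return 1 ;;        # whole filesystem or whole home directory
    esac
    case "$home/" in
        "$dir"/*) return 1 ;;         # an ancestor of $HOME, e.g. /home
    esac

    # Assumed list of directories that commonly hold keys and tokens.
    for secret in .ssh .gnupg .aws .kube; do
        if [ -e "$dir/$secret" ]; then
            return 1
        fi
    done
    return 0
}

# Usage on the host:
#   podman_is_rootless && mount_is_narrow ~/projects/myapp \
#       && aipod mount ~/projects/myapp
```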
The container is yours to customize. Install anything you need, or modify the build scripts in the repo.