Alternatives and similar repositories for leash

Users that are interested in leash are comparing it to the libraries listed below

• lukehinds / nono
  A secure, kernel-enforced capability sandbox for AI agents. It's the opposite to YOLO
  ☆309Updated this week
• eqtylab / cupcake
  A native policy enforcement layer for AI coding agents. Built on OPA/Rego.
  ☆175Updated 3 weeks ago
• cased / sandboxes
  Universal API for cloud sandboxes + CLI
  ☆71Updated 3 weeks ago
• eqtylab / mcp-guardian
  Manage / Proxy / Secure your MCP Servers
  ☆192Updated 6 months ago
• trailofbits / mcp-context-protector
  MCP security wrapper
  ☆208Updated 2 months ago
• PwnFunction / sandbox
  Run untrusted AI code safely, fast
  ☆189Updated last month
• portofcontext / pctx
  pctx is the execution layer for agentic tool calls. It exposes custom tools and MCP servers as code that runs in secure sandboxes for tok…
  ☆198Updated this week
• dlorenc / multiclaude
  ☆461Updated last week
• wedow / ticket
  Fast, powerful, git-native ticket tracking in a single bash script. Dependency graphs, priority levels, zero setup.
  ☆523Updated this week
• jingkaihe / matchlock
  Matchlock secures AI agent workloads with a Linux-based sandbox.
  ☆345Updated this week
• mcpgod / cli
  Fine-grained control over model context protocol (MCP) clients, servers, and tools. Context is God.
  ☆113Updated 7 months ago
• Use-Tusk / fence
  Lightweight, container-free sandbox for running commands with network and filesystem restrictions
  ☆496Updated this week
• Katakate / k7
  Your own self-hosted infra for lightweight VM sandboxes to safely execute untrusted code. CLI, API, Python SDK. ⭐ Star it if you like it!…
  ☆721Updated last month
• cosinusalpha / webctl
  Browser automation via CLI — for humans and agents
  ☆396Updated last week
• simonw / llm-jq
  Write and execute jq programs with the help of LLM
  ☆192Updated last year
• mcp-shark / mcp-shark
  Wireshark-like forensic analysis for Model Context Protocol communications Capture, inspect, and investigate all HTTP requests and respo…
  ☆153Updated last week
• pancsta / secai
  AI Workflows and Context Management for reasoning bots
  ☆85Updated 3 weeks ago
• fulcrumresearch / quibbler
  ☆435Updated 2 months ago
• TryMightyAI / mighty-security
  Don't Simply Trust MCP Server Code, Validate and Scan
  ☆100Updated 5 months ago
• Dicklesworthstone / beads_rust
  A fast Rust port of Steve Yegge's beads - a local-first, non-invasive issue tracker for git repositories
  ☆495Updated this week
• coplane / par
  CLI for Parallel Worktree & Session Manager
  ☆126Updated 6 months ago
• simonw / llm-plugin-tools
  A cookiecutter template for creating a new LLM plugin that adds tools to LLM
  ☆28Updated 8 months ago
• aspectrr / fluid.sh
  Claude Code for Infrastructure
  ☆319Updated this week
• trailofbits / claude-code-devcontainer
  Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.
  ☆270Updated last week
• jmuncor / tokentap
  Intercept LLM API traffic and visualize token usage in a real-time terminal dashboard. Track costs, debug prompts, and monitor cont…
  ☆699Updated last week
• neilberkman / ccrider
  Search, browse, and resume your Claude Code sessions. Fast.
  ☆39Updated last week
• Edison-Watch / open-edison
  🔐 Firewall Your Data, Control Agents. Prevent agent data exfiltration. Gain visibility into AI's interactions with your data / systems o…
  ☆271Updated 2 weeks ago
• MCP-Defender / MCP-Defender
  Desktop app that automatically scans and blocks malicious MCP traffic in AI apps like Cursor, Claude, VS Code and Windsurf.
  ☆246Updated 5 months ago
• amlalabs / amla-sandbox
  ☆289Updated last week
• boldsoftware / sketch
  autonomous software apprentice
  ☆700Updated 3 weeks ago