Sandboxed AI coding agents on OpenShift/Kubernetes — natively.
Alcove runs AI coding agents (Claude Code) in ephemeral, network-isolated containers with full auditability. Each task gets a fresh container, a scoped authorization proxy, and a complete session transcript. No persistent state crosses task boundaries.
Long-running AI agents accumulate context window contamination, credential exposure, and filesystem state that creates security and reliability problems. Alcove takes the opposite approach: one task, one container, then destroy it. See Problem Statement.
Alcove is built around five north-star security principles that ensure safe AI agent execution:
- Safe Sandboxing — Every task runs in an ephemeral, network-isolated container that's never reused
- Data Leakage Protection — Real credentials are never available to the LLM; Gate injects them at proxy level
- Human-in-the-Loop Controls — Security profiles and approval gates ensure humans control what agents can access
- Audit Records — Every network request and LLM interaction is logged with full session transcripts
- Least Privilege — Gate's network proxy denies by default; only explicitly allowed operations are permitted
For implementation details, see Security Principles.
| Component | Name | Purpose |
|---|---|---|
| Controller | Bridge | Coordination, dashboard, REST API, scheduler |
| Worker | Skiff | Ephemeral Claude Code execution (k8s Job / podman run) |
| Auth Proxy | Gate | Network sandbox, token replacement, LLM API proxy |
| Message Bus | Hail | Task dispatch and status (NATS) |
| Session Store | Ledger | Audit trail, transcripts, proxy logs (PostgreSQL) |
Phase 1 complete with Phase 2 features underway. Working end-to-end pipeline: CLI, REST API, dashboard, task scheduler, ephemeral container execution (podman and Kubernetes), NATS messaging, PostgreSQL session storage, credential management, dual auth backends, skill/agent repos (Claude Code plugins loaded into workers), YAML task definitions (version-controlled reusable tasks from git repos), cross-repository workflow orchestration with per-repo credential validation, and per-task NetworkPolicy enforcement on Kubernetes. See Implementation Status for details.
- Go 1.25+
- podman (rootless)
- make
- An LLM provider (Anthropic API key or Google Vertex AI credentials)
git clone https://github.com/bmbouter/alcove.git
cd alcove
make up
# make up auto-generates alcove.yaml with a random database encryption key
# Open http://localhost:8080 — log in with admin/admin
# Configure LLM credentials and providers in the dashboardFor the full setup walkthrough, see the Getting Started guide.
curl -fsSL https://raw.githubusercontent.com/bmbouter/alcove/main/scripts/install.sh | bashiex (iwr -useb 'https://raw.githubusercontent.com/bmbouter/alcove/main/scripts/install.ps1').ContentDownload platform-specific binaries from GitHub Releases:
- Linux AMD64:
alcove-linux-amd64 - Linux ARM64:
alcove-linux-arm64 - macOS Intel:
alcove-darwin-amd64 - macOS Apple Silicon:
alcove-darwin-arm64 - Windows:
alcove-windows-amd64.exe
alcove version
alcove --help# Connect to your Bridge instance
alcove login https://your-bridge-instance.com
# Submit a task
alcove run "Fix the bug in the login function"
# List recent sessions
alcove list --since 24h
# Stream logs in real-time
alcove logs <session-id> --follow| Document | Description |
|---|---|
| Getting Started | Setup, configuration, and first task walkthrough |
| Configuration | All environment variables, skill repos, task definitions |
| API Reference | REST API endpoints, request/response formats |
| CLI Reference | All commands, flags, and usage examples |
| Development Guide | Building, testing, adding features |
| Architecture | Component design, deployment diagrams, roadmap |
| Security Principles | Five north-star security principles with implementation details |
| Architecture Decisions | Resolved design choices (18 decisions) |
| Implementation Status | Current state, what works, what is next |
| Problem Statement | Why ephemeral agents |
| Credential Management | How Bridge manages credentials and passes tokens to Gate |
| Auth Backends | Authentication and authorization design |
| Changelog | Release history and version notes |
See CONTRIBUTING.md for development setup, build instructions, and how to submit changes.
Licensed under the Apache License, Version 2.0.