GitHub - kstenerud/yoloai: Permission fatigue is a real problem. Sandbox escape is a real problem. yoloAI solves it.

Source
ai-agentssandboxdeveloper-toolsclidockerpermission-managementcode-reviewai-safety

Summary

yoloAI is an open-source CLI tool (Go binary) that solves “permission fatigue” in AI coding agents by running them inside disposable sandboxes (Docker, Podman, Tart, or macOS sandbox-exec). The agent works freely on an isolated copy of your project, then you review diffs and selectively apply changes back - eliminating the approve/deny prompt loop without sacrificing safety.

Key Insight

  • Core problem solved: after 100+ approve/deny prompts, developers either stop reading and blindly approve, or use --dangerously-skip-permissions - both terrible outcomes. yoloAI removes the question entirely by isolating the agent.
  • Architecture is composable, not monolithic: deliberately not an orchestrator (60+ already exist). Provides primitives (new, diff, apply, reset, destroy) that orchestrators can build on top of.
  • Git-powered review loop: changes are tracked as commits inside the sandbox, so apply patches your real project cleanly with individual commit history preserved. Each apply only transfers new commits since the last apply.
  • Multi-agent support: works with Claude Code, Codex, Gemini CLI, Aider, OpenCode, or plain shell.
  • Security tiers: standard runc, gVisor (userspace kernel, no KVM), Kata Containers (VM-based), and Kata+Firecracker (lightweight microVM). Configurable globally or per-sandbox.
  • Practical for long tasks: two-terminal workflow (yolo shell + outer shell) lets you iterate commit-by-commit, applying incrementally without risk.
  • Zero infrastructure: local CLI, no accounts, no cloud, no vendor lock-in. Just Go 1.24+ and a container backend.