litellm-agent-platform
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 48 GitHub stars
Code Fail
- fs.rmSync — Destructive file system operation in cli/bin/lap.mjs
- os.homedir — User home directory access in cli/bin/lap.mjs
- process.env — Environment variable access in cli/bin/lap.mjs
- network request — Outbound network request in cli/bin/lap.mjs
Permissions Pass
- Permissions — No dangerous permissions requested
No AI report is available for this listing yet.
Self-hosted platform for running coding agents (Claude Code, Codex) in isolated sandboxes with vault proxy.
LiteLLM Agent Platform
Self-hosted platform for running coding agents in isolated sandboxes.
Run Claude Code, Codex, or any coding-agent harness in its own Kubernetes sandbox. A vault proxy sits in front of each sandbox and swaps stub credentials for real ones on outbound calls — the agent process never sees your raw credentials.
Why this exists
In most enterprises you can't just run claude --dangerously-skip-permissions on a corporate laptop. IT won't approve it. So developers babysit a permission popup every two minutes instead of shipping.
Run the agent inside a sandbox where the env contains only stub credentials and the vault swaps them at egress, and bypass-permissions becomes safe to enable.
How it works — developer flow
A developer never deals with Kubernetes or the vault. They install one CLI and run one command.
1. Install the lap CLI
git clone https://github.com/BerriAI/litellm-agent-platform.git
cd litellm-agent-platform/cli
npm install
chmod +x bin/lap.mjs
ln -sf "$PWD/bin/lap.mjs" ~/.local/bin/lap
2. Log in to your platform
lap login
# Agent platform URL: https://lap.acme.dev
# Master key: ••••••••••••••••
# ✓ saved to ~/.lap/config.json
3. List the agents your team has configured
lap agents
4. Open a sandbox
lap claude-code-cli1
That command spins up a fresh Kubernetes pod running Claude Code, attaches your local terminal to its TTY over a WebSocket, and drops you straight into the agent. Same feel as ssh — your iTerm / tmux / wezterm stays exactly where it is. Press Ctrl-D to detach; the session stays alive for 24h and you can reconnect by running lap <agent> again.
What's running in the sandbox
- The actual
claudeCLI undernode-pty - Working tree at
/work/repo, optionally cloned at boot - Credentials in the pod's env are stub placeholders:
Vault swaps them for the real values inline on every outbound TLS connection. The agent canGITHUB_TOKEN=stub_github_a8f1 LITELLM_API_KEY=stub_litellm_bb20echo $GITHUB_TOKENall it wants and only get the stub.
Full CLI docs: docs/lap-cli.md.
Self-hosting the platform
Sandboxes run on Kubernetes via the kubernetes-sigs/agent-sandbox CRD. Local dev uses kind.
Prereqs: Docker Desktop, kind, kubectl, helm, a LiteLLM gateway URL.
bin/kind-up.sh
docker compose up
bin/kind-up.sh is idempotent — provisions a kind cluster agent-sbx, installs the agent-sandbox controller, and loads the harness image. docker compose up boots Postgres, runs the schema migration, and starts web (:3000) + worker.
Open localhost:3000 to create an agent. Then point lap at it and run through the steps above.
Architecture and tuning: docs/k8s-backend.md.
Deploying to production
Recommended path: AWS EKS for the sandbox cluster, Render for web + worker. See deploy/ — bin/eks-up.sh provisions the cluster, the Render Blueprint at the top of deploy/render/README.md is one click.
Developer API
Create an agent, open a session, send a message, read the reply — directly with curl. See docs/spawn-task-agent.md and src/server/DEVELOPER.md.
License
MIT — see LICENSE.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found