Leash by StrongDM wraps AI coding agents in containers, monitors their activity, and enforces policies. It benefits operations teams by securing AI agent workflows. It connects to AI agents like Claude and integrates with Cedar for policy definition.
git clone https://github.com/strongdm/leash.git
1. **Install Leash:** Run `pip install leash-strongdm` or use the Docker image `strongdm/leash:latest`. Ensure you have API credentials for the Cedar policy engine.
2. **Define Policies:** Create a Cedar policy file (e.g., `ai_agent_policy.cedar`) with rules like:
   ```cedar
   // Allow the agent to read, write and execute only under /workspace/ and /tmp/.
   // Actions are written as Cedar entity UIDs (Type::"id").
   permit(
     principal is AI::Agent,
     action in [Action::"Read", Action::"Write", Action::"Execute"],
     resource is FileSystem::Directory
   ) when {
     resource.path == "/workspace/" || resource.path == "/tmp/"
   };
   ```
   Load policies via `leash policy load ai_agent_policy.cedar`.
3. **Launch Containerized Agent:** Use the Leash CLI to wrap your AI agent:
   ```bash
   leash run --policy ai_agent_policy --workspace ./project_dir --task "Refactor auth service"
   ```
   Replace `--task` with your specific instruction.
4. **Monitor Execution:** Real-time logs stream to stdout or your configured destination (e.g., ELK, Splunk). Use `leash logs tail` to follow activity.
5. **Generate Report:** After completion, run:
   ```bash
   leash report --output compliance_report.json
   ```
   Share the report with security teams or attach it to audit trails. For recurring tasks, automate via `leash cron`.
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/strongdm/leash
Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Use Leash to containerize and monitor an AI coding agent executing [TASK] for [PROJECT_NAME]. Enforce the following security policy: [POLICY_RULE]. Log all container activity to [LOG_DESTINATION]. After execution, generate a compliance report summarizing resource usage, policy violations, and sandbox escape attempts.
### Leash Containerized AI Agent Execution Report
**Project:** Acme Corp - Payment Gateway Refactor
**Task:** Migrate legacy auth logic from `auth.py` to a new microservice using FastAPI
**Policy Enforced:** 'No network egress to external IPs except whitelisted CDN endpoints'
#### Execution Summary
- **Container ID:** `leash-ai-agent-20240514-142211-abc123`
- **Runtime:** 47 minutes (started 14:22 UTC, terminated 15:09 UTC)
- **Resource Usage:** 2.1GB RAM, 1.8 CPU cores, 12.4GB disk I/O
- **Network Activity:** 42 internal connections (all to `redis:6379`, `postgres:5432`), 0 external connections
- **File System:** Read 187 files (12MB), wrote 42 files (8MB) to `/workspace/output/`
#### Policy Compliance
- ✅ **Network Policy:** Fully compliant. All external DNS lookups resolved to whitelisted IPs (`151.101.1.69`, `151.101.65.69` for `cdn.acme.com`)
- ✅ **File System Policy:** No attempts to write outside `/workspace/`, `/tmp/`, or `/leash/`
- ✅ **Process Policy:** Only spawned child processes from approved binaries (`python3`, `pip`, `git`)
- ⚠️ **Sandbox Alert:** Detected 3 attempts to use `os.system()` (all blocked by Leash's syscall filtering)
#### Artifacts Generated
1. **Compliance Log:** `/leash/logs/compliance-20240514-142211.json`
   ```json
   {
     "policy_violations": 0,
     "sandbox_escapes": 0,
     "resource_violations": 0,
     "network_anomalies": []
   }
   ```
2. **Diff Summary:** Changes to `auth.py` and new files in `/workspace/output/auth_service/`
3. **Performance Metrics:** Execution time breakdown by operation type
**Recommendation:** Agent fully compliant. No further action required. Consider adding `os.system` to deny-list if these calls are unnecessary.
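
One way to gate a pipeline on the compliance log shown in the sample report, as an added example that is not Leash's own code. The field names are taken from the sample JSON above and are an assumed schema, not a confirmed Leash format, and `evaluate_report` is a hypothetical helper; it fails closed, so a missing or malformed counter is a finding rather than a zero.

```python
import json

# Counter fields as they appear in the sample compliance log on this page
# (assumed schema; not confirmed against Leash's real output).
COUNTERS = ("policy_violations", "sandbox_escapes", "resource_violations")


def evaluate_report(raw):
    """Return a list of findings; an empty list means the run may pass."""
    try:
        report = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"report is not valid JSON: {exc.msg}"]
    if not isinstance(report, dict):
        return ["report root is not a JSON object"]

    findings = []
    for key in COUNTERS:
        value = report.get(key)
        # Fail closed: a missing, non-integer or negative counter is a finding.
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            findings.append(f"{key}: missing or malformed ({value!r})")
        elif value > 0:
            findings.append(f"{key}: {value}")

    anomalies = report.get("network_anomalies")
    if not isinstance(anomalies, list):
        findings.append("network_anomalies: missing or not a list")
    elif anomalies:
        findings.append(f"network_anomalies: {len(anomalies)} entries")
    return findings


# Constructed samples: CLEAN mirrors the log shown above; BROKEN is a
# malformed report (string counter, missing key, one anomaly) that must fail.
CLEAN = ('{"policy_violations": 0, "sandbox_escapes": 0, '
         '"resource_violations": 0, "network_anomalies": []}')
BROKEN = ('{"policy_violations": 0, "sandbox_escapes": "0", '
          '"network_anomalies": [{"dst": "203.0.113.7"}]}')

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("broken", BROKEN)):
        result = evaluate_report(raw)
        print(name, "PASS" if not result else f"FAIL {result}")
```

In CI, exit non-zero whenever the returned list is non-empty and archive the raw report alongside the findings.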