This is a project I've been working on since the beginning of 2025 full time, without funding.
Coding agents have fundamentally changed the way we write software. When you let an agent write code, pull dependencies, and run scripts, you are delegating trust while still keeping the responsibility. You shouldn't have to choose between moving fast with agents and maintaining basic control over your host machine.
Normally, we just inspect the final result, treating the app like a black box. Most security tools only sandbox the app runtime and ignore the build phase.
CapaKit is my attempt to make agent-driven development safe and productive.
Secrets baked into config, dependencies installed with full host access, and arbitrary scripts running during `npm install` are all things you need to take into account.
I started working on CapaKit in early 2025 (originally as mcpgate.com) after Anthropic announced MCP. As the agent ecosystem started to standardize, I wanted to apply what I've learned building with LLMs since GPT-3. Building real AI apps turns out to be really hard: lots of moving parts, from security to devops, on top of a fast-moving ecosystem.
What is special about CapaKit?
CapaKit sandboxes the entire app lifecycle, not just the running code- building, testing, and running, all first class citizens of usability and security.
What that means concretely: - Per-app policies with workload-level isolation. - No inherited host environment, no broad filesystem access. - No network by default — outbound traffic has to be explicitly allowed. - Ephemeral, single-use sandboxes for every build and run. - Secrets resolved on demand instead of hardcoded.
Security with awesome usability: you can upload your AI app Kits to Github and anyone can run them with a single command:
capakit run https://github.com/capakit/hello-world-demo-kit
CapaKit is currently macOS only and is free to use.
werttalkit•1h ago