Chamber is a tool for running coding agents like Claude or Codex inside Tart macOS virtual machines with the current directory mounted. It provides a lightweight isolated environment for you agents in YOLO mode.
Don't think about prompt injection attacks anymore! Configure a macOS virtual machine only with YOLO-safe permissions and run your agents inside it with Chamber.
- VM Isolation Security: Prevents prompt injection attacks by isolating AI agents in ephemeral VMs
- Agent Safety: Perfect for AI agents running with flags like
--dangerously-skip-permissions,--dangerously-bypass-approvals-and-sandbox, or similar "YOLO" modes - Run commands in isolated Tart VMs that are automatically destroyed after execution
- Automatic mounting of current directory
First install chamber and initialize it so it will download (around 20GB) and setup a seed virtual machine for all future executions:
brew install --cask cirruslabs/cli/chamber
chamber init ghcr.io/cirruslabs/macos-sequoia-base:latestThis will create a chamber-seed Tart VM. You can customize the base image to your needs:
tart run chamber-seed
Problem: AI agents running with permissive flags like --dangerously-skip-permissions, --dangerously-bypass-approvals-and-sandbox, --yes, or --auto-commits are vulnerable to prompt injection attacks that can compromise your host system.
Solution: Chamber isolates AI agents in ephemeral VMs, making "YOLO" mode safe:
# ❌ DANGEROUS: Direct execution on host
claude --dangerously-skip-permissions
codex --dangerously-bypass-approvals-and-sandbox
# ✅ SAFE: Isolated execution in ephemeral VM (chamber will automatically add the dangerous flags for you)
chamber claude
chamber codexKey Benefits:
- Zero Host Risk: Even if prompt injection succeeds, damage is contained in the VM
- Automatic Cleanup: VMs are destroyed after each run - always start from a clean seed image
- Full Functionality: AI agents work normally but can't escape the sandbox
- Easy Integration: Just prefix your existing AI agent commands with
chamber
This project is licensed under the AGPLv3. Tart is licensed under the Fair Source License which allow royalty free usage on personal devices and work stations.