by BerriAI
Self-hosted platform for running coding agents (Claude Code, Codex, Hermes) in isolated sandboxes with vault proxy.
# Add to your Claude Code skills
git clone https://github.com/BerriAI/litellm-agent-platformGuides for using ai agents skills like litellm-agent-platform.
Last scanned: 5/20/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@anthropic-ai/claude-agent-sdk: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@anthropic-ai/sdk: Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
}
],
"status": "PASSED",
"scannedAt": "2026-05-20T07:43:43.391Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}[!WARNING] Deprecation Notice:
For a unified harness across OpenCode/Claude Code/Codex, go to:
lite-harness.For a minimal Rust AI Gateway for coding agents, go to:
litellm-rust
LiteLLM Agent Platform is self-hosted infrastructure for running coding agents — Claude Code, Codex, Hermes anything — inside isolated sandboxes with a credential vault, so agents can run with bypass-permissions on without ever seeing your real keys. Use it from the lap CLI in your terminal, the web UI, or call the API directly.
Learn more in the docs.
[!NOTE] The
lapCLI talks to a running instance of LiteLLM Agent Platform. To self-host the platform itself, jump to Self-hosting.
Install the lap CLI:
git clone https://github.com/BerriAI/litellm-agent-platform.git
cd litellm-agent-platform/cli && npm install
ln -sf "$PWD/bin/lap.mjs" ~/.local/bin/lap
Point it at your platform:
lap login
Open a sandbox:
lap claude-code-cli1
That spins up a fresh Kubernetes pod running Claude Code, attaches your local terminal to its TTY over a WebSocket, and drops you straight into the agent. The pod's env contains only stub credentials (e.g. GITHUB_TOKEN=stub_github_a8f1); the vault swaps them for real keys on every outbound TLS connection. Press Ctrl-D to detach; the session stays alive for 24h. See docs/lap-cli.md for the full CLI.
▶ Demo: setting up codex and claude-code sandboxes · ~5 min
End-to-end walkthrough: create an agent, open a sandbox from the lap CLI, attach a local terminal, run codex / claude-code inside.
| Harness | Quickstart |
|---|---|
| Claude Code | docs.litellm-agent-platform.ai/quickstart/claude-code |
| Codex | docs.litellm-agent-platform.ai/quickstart/codex |
| Hermes | docs.litellm-agent-platform.ai/quickstart/hermes |
Sandboxes run on Kubernetes via the kubernetes-sigs/agent-sandbox CRD. Local dev uses kind.
Prereqs: Docker Desktop, kind, kubectl, helm, a LiteLLM gateway URL (or run the bundled one — see below).
bin/kind-up.sh
docker compose up
bin/kind-up.sh is idempotent — provisions a kind cluster agent-sbx, installs the agent-sandbox controller, and loads the harness image. docker compose up boots Postgres, runs the schema migration, and starts web (:3000) + worker.
Open localhost:3000 to create an agent. Then point lap at it and run through the steps above.
If you don't already have a LiteLLM proxy you can route through, the repo ships an optional compose service that runs one locally. Copy the example config, fill in your provider key(s), and bring it up alongside the platform:
cp litellm-config.yaml.example litellm-config.yaml
# Edit litellm-config.yaml to enable the models you need
echo "ANTHROPIC_API_KEY=sk-ant-..." >> .env
docker compose -f docker-compose.yml -f docker-compose.litellm.yml up
The proxy listens on :4000. Point the platform at it via .env:
# kind sandbox backend (the default self-hosting path): the harness pods run
# in the kind cluster, on a separate Docker network from this compose project,
# and reach the host-published proxy port via host.docker.internal.
LITELLM_API_BASE=http://host.docker.internal:4000
LITELLM_API_KEY=sk-litellm-local-master # must match master_key in litellm-config.yaml
[!NOTE]
LITELLM_API_BASEis injected into the sandbox harness pods, not just the compose web/worker containers. With the kind backend, usehttp://host.docker.internal:4000— the pods live on thekindDocker network and cannot resolve thelitellmcompose service name. Only if you run without kind (e.g.LOCAL_SANDBOX_URLor the brain-inline harness, where everything stays inside this compose project) can you use the more directhttp://litellm:4000.
Architecture and tuning: docs/k8s-backend.md.
Recommended path: AWS EKS for the sandbox cluster, Render for web + worker. See deploy/ — bin/eks-up.sh provisions the cluster, the Render Blueprint at the top of deploy/render/README.md is one click.
Create an agent, open a session, send a message, read the reply — directly with curl. See docs/spawn-task-agent.md and src/server/DEVELOPER.md.
MIT — see LICENSE.
litellm-agent-platform is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by BerriAI. Self-hosted platform for running coding agents (Claude Code, Codex, Hermes) in isolated sandboxes with vault proxy. It has 540 GitHub stars.
Yes. litellm-agent-platform passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/BerriAI/litellm-agent-platform" and add it to your Claude Code skills directory (see the Installation section above).
litellm-agent-platform is primarily written in TypeScript. It is open-source under BerriAI on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh litellm-agent-platform against similar tools.
No comments yet. Be the first to share your thoughts!