Airut: Run Claude Code Tasks from Email and Slack with Isolated Sandboxes
Airut is an open-source system that allows users to trigger and manage Claude Code tasks via email/Slack threads, with full container isolation and credential protection.
Why it matters
Airut represents a significant evolution in how developers orchestrate Claude Code, moving it from a terminal tool to an asynchronous, workflow-integrated agent with enhanced security features.
Key Points
- 1Airut provides an asynchronous, auditable workflow for running Claude Code tasks from email and Slack
- 2Each task runs in a dedicated, isolated Podman container with a transparent proxy for network traffic and credential isolation
- 3The security model is configured via the repository's default branch, ensuring the agent cannot modify its own security rules
Details
Airut is a self-hosted, open-source bridge between communication tools (email, Slack) and Claude Code's capabilities. Instead of running Claude Code in the terminal, users can describe a task in plain language via an email or Slack message, and Airut will create a dedicated, isolated workspace for that conversation thread, clone the repository, and let Claude Code start working immediately. This provides an asynchronous, auditable workflow with persistent conversation logs for each task. The security model is configured via the repository's default branch, not the agent's workspace, ensuring the agent cannot modify its own security rules. Each task runs in a dedicated rootless Podman container with its own filesystem and process space, torn down after completion. Network traffic routes through a transparent proxy that enforces a per-repository allowlist, and credential isolation uses format-preserving surrogates to protect against theft. This addresses critical security concerns for teams adopting AI coding agents in production environments.
No comments yet
Be the first to comment