⚠️ Early Stage Software: mkenv is experimental. Expect breaking changes, incomplete features, and occasional instability. We're releasing early to gather feedback from developers.

Sandboxed dev environments that feel like localhost

mkenv creates disposable Docker containers for your project. No port mapping — ports bind dynamically. No host.docker.internal — localhost just works. No Dockerfile to write — mkenv auto-detects your stack. Sensitive paths like ~/.ssh and ~/.aws are blocked from mounting.

cd ~/projects/myapp && mkenv .

Your npm install, pip install, LLM agents, and builds run isolated. Your credentials stay on your host.

THE PROBLEM

Whenever we talk about security and isolation, we are really talking about tradeoffs:

  • Ports need advance planning — Docker requires you to declare ports upfront. Spin up a server on :8080 mid-session? Restart the whole container.
  • localhost doesn't work — Everything becomes host.docker.internal. Your scripts break. Your configs break. Your muscle memory breaks.
  • New languages to learn — Dockerfile, docker-compose.yml, devcontainer.json. Each with its own syntax, quirks, and gotchas. More files to maintain.
  • Docker security is its own field — Privileged mode, capabilities, seccomp profiles, user namespaces. Get it wrong and your "isolation" is theater.
  • Setup complexity — Hours of configuration before you write a line of code. Then maintain it as your project evolves.
  • Tooling overhead — Your debugger needs remote config. Your terminal multiplexer needs setup. Everything needs one more step.
  • Many more (you name it)

Every developer understands they need isolation. But every day, when it's time to actually set it up, your brain screams "not today." So you run npm install on your host machine. Again.

We postpone security until something breaks. That's human nature.

Risk isn't hypothetical:

  • XZ Utils Backdoor — Compression library shipped by major Linux distributions backdoored to hijack sshd authentication
  • Shai-Hulud npm worm — Self-spreading malware that backdoored hundreds of packages
  • PyTorch dependency confusion — Fake package exfiltrated SSH keys

See 14 more documented attacks →

WHAT IS MKENV?

Security always comes with a cost — configuration, changed workflows, things that break. mkenv aims to pay that cost for you. It's a CLI that generates hardened Docker environments from your project, handling security configuration, port forwarding, and path blocking so you don't have to.

mkenv gives you:

Ports just work

Run npm run dev inside the sandbox, access it at localhost:3000 in your browser. Run Postgres on your host, access it at localhost:5432 from inside. Bidirectional, on-demand, no configuration. How it works →

What makes a mkenv environment hardened

Your workstation runs only Docker, a browser, and the mkenv binary. All dev tools, runtimes, and dependencies stay inside the container.

HOW IS THIS DIFFERENT?

vs Devcontainers: No Dockerfile or devcontainer.json to write. Ports bind dynamically without configuration. Security guardrails are built-in — you can't accidentally mount ~/.ssh even if you try.

vs plain Docker: With Docker you build and maintain your environment from scratch, learning security quirks along the way. mkenv auto-detects your project, handles port forwarding bidirectionally, and bakes in security defaults. No Dockerfile to write or maintain.

vs Nix/Devbox: Those manage your toolchain but run code on your host. mkenv runs everything in a container — actual isolation, not just reproducibility.

vs all of them: mkenv has a policy engine. Developers are protected from accidental mistakes (mounting credentials, exposing dangerous ports). Teams can enforce their own rules. None of the alternatives have this built-in.

Audit trail: mkenv logs network connections, port bindings, package installs, and system changes to a full audit trail stored locally. When something goes wrong, you know exactly what happened.

ADVANCED CONFIGURATION (OPTIONAL)

Most projects need zero configuration — mkenv auto-detects your stack. When you do need to customize, we keep it minimal. No new DSL to learn, no 500-line YAML files.

.mkenv Configuration Files

Customize project defaults without repeating command-line flags. Place .mkenv files in your project root or parent directories for multi-project settings.

Bricks are atomic building blocks that mkenv uses to generate your environment — things like claude-code, nvim, node, go.

{
  "enabled_bricks": ["claude", "nvim"],
  "volumes": ["~/data:/data"]
}

Full .mkenv documentation →

Policy Configuration

Enforce security policies using policy.json. Control which tools can be used, restrict mount paths, and manage port access.

{
  "disabled_bricks": ["codex"],
  "allowed_project_path": "/home/user/projects",
  "reverse_proxy": {
    "denied_ports": [5432, 3306]
  }
}

Policy files are kept read-only (chmod 444) to guard against accidental modification. Note that a file's owner can always restore write permission with chmod, so the read-only mode alone does not stop a developer who owns the file; to enforce a team policy, have the file owned by an administrator account (for example root) rather than by the developer.
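As an added check (example code, not part of mkenv), the shell function below reports whether a policy file is actually locked against the user running it: it passes only when the file carries no write bits and is owned by someone else, since the owner could simply run chmod u+w. The path /etc/mkenv/policy.json in the usage comment is an assumption, not a location mkenv documents.

```shell
#!/bin/sh
# Added example, not mkenv's own code. Checks whether a policy.json is really
# protected from the invoking user. A 444 mode only prevents accidental edits;
# the file's owner can always `chmod u+w` it, so the file is locked against
# the current user only when it has no write bits AND belongs to another
# account (typically root).
# Usage: policy_locked_against_me /etc/mkenv/policy.json   (path is hypothetical)
policy_locked_against_me() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    # ls -l is used instead of stat(1) because stat's flags differ on GNU and BSD.
    set -- $(ls -ld "$f")
    mode=$1
    owner=$3
    case $mode in
        *w*)
            echo "$f: write bits present ($mode); not protected"
            return 1 ;;
    esac
    if [ "$owner" = "$(id -un)" ]; then
        echo "$f: read-only but owned by you ($owner); chmod u+w would undo it"
        return 1
    fi
    echo "$f: read-only and owned by $owner; locked against $(id -un)"
    return 0
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    policy_locked_against_me "$1"
fi
```

Exit status 0 means the current user cannot edit the file without elevated privileges; 1 means the mode or ownership leaves it editable; 2 means the file is missing.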

Full policy documentation →

More Documentation

See the full documentation for commands, bricks, troubleshooting, and advanced features.

INSTALLATION

Platform Support: Currently macOS only. Linux support in development. Windows support planned via WSL.

Prerequisites: Docker Desktop or Docker Engine must be installed and running

Install via Homebrew

brew tap 0xa1bed0/mkenv
brew install mkenv

Usage

cd /path/to/your/project
mkenv .

mkenv will analyze your project, build a container, and drop you inside. Subsequent runs reuse cached dependencies.

LICENSE

mkenv is released under the Elastic License 2.0 (ELv2)

You can: Use mkenv for personal projects, at work, across your company, in CI pipelines, and modify it for internal use.

You cannot: Resell mkenv, offer it as a hosted service (SaaS), or build a competing product from it.

ELv2 keeps mkenv free to use and modify while barring resale and hosted (SaaS) offerings.

BUILT BY DEVELOPERS WHO GOT BURNED

We're not a big corporation or Security Enterprise Platform™.

We're developers who got burned by supply chain attacks and built the tool we wish we had.

If you've been thinking "I should really isolate my dev environment but it's too much work" — this is for you.

Star mkenv on GitHub