Everything you need to
tame AI agents

From cost control to supply chain protection — the features that keep your agents productive, safe, and under control.

Explore features ↓

Human-in-the-Loop (HITL) for AI coding agents

Approve every dangerous bash, file write and code change from your phone — kernel-enforced, end-to-end encrypted.

Read the HITL page →

Cost Control

Know exactly what your agents spend — and stop them before they burn through your budget.

Token Monitor

Real-time tracking of input, output, and cache tokens. Cost calculation per model in dollars. Three configurable alert thresholds.

Live token counters (input / output / cache_read)
Warning threshold — notification to PWA
Critical threshold — alert + Telegram notification
Hard limit — auto-pause the agent

Loop Detector

Catches runaway agents before they waste tokens in infinite loops. Three detection patterns with automatic intervention.

cmd_repeat Same command executed repeatedly
err_repeat Same error pattern in a loop
file_pingpong Edit → revert → edit cycles on the same file

Uses Jaccard similarity to catch near-identical command variants.

Safety & Rollback

Every dangerous action has a safety net. Undo anything with one tap.

Git Auto-Checkpoint

Tamer automatically snapshots your repo before dangerous commands. If anything goes wrong, roll back from your phone.

# agent runs rm -rf src/
checkpoint created: chk-a3f9e2
# one tap on PWA
rolled back to chk-a3f9e2

Configurable triggers: on startup, before dangerous commands, before medium-risk operations, or on a periodic interval.

Supply Chain Protection

Blocks common attack vectors where AI agents unknowingly execute malicious payloads or leak sensitive data.

  • Download & Execute — blocks curl | sh, wget | bash
  • Data Exfiltration — detects outbound data smuggling attempts
  • Token Access — blocks unauthorized reads of API keys and credentials
  • CI/CD Protection — guards .github/workflows/, .gitlab-ci.yml

Built-in patterns are non-overridable. Add custom rules via YAML config.

Multi-Platform Sandbox

Kernel-level containment on every OS. Agents run in a cage — not on your system.

Linux

SBX-001 Landlock LSM

Filesystem isolation at kernel level. Agents can only access the project directory — nothing else.

SBX-002 seccomp-BPF

Syscall filtering. Blocks network sockets (AF_INET/AF_INET6), ptrace, mount, and privilege escalation.

SBX-005 Bubblewrap

Full namespace isolation. Read-only system, private PID space, restricted network. Like a container, but lighter.

Windows

WIN-001 Job Object

Process containment with memory and CPU limits. Kill-on-close ensures no orphan processes survive.

WIN-002 Low Integrity Process

Agents run in a low-integrity security context. Cannot write to system directories or access high-integrity resources.

WIN-003 Environment Sanitization

Subtractive env sanitization strips sensitive variables before agent spawn. Never rebuilds — only removes.

Master Agent

Orchestrate a team of AI agents. Assign roles, learn patterns, ship faster.

Multi-Worker Orchestration

Run multiple agents in parallel. The Master detects conflicts, syncs workspaces, and manages approvals from a central dashboard.

Worker Roles

Assign specialized roles — coder, reviewer, tester. Each role gets its own rules, skills, and scope. Built-in review pipeline.

Pattern Learning

The Master learns from your approval decisions. Safe patterns get auto-approved next time. You only intervene on new or risky actions.

Project Management

Structured work items with acceptance criteria. The Master tracks progress, runs silent audits, and reports completion status.

Developer Experience

Power tools built into your terminal. No context switching.

Command Palette

Press Ctrl+T to open the palette. 11 built-in commands:

help status protect approve
sandbox e2e org config
debug skill find

Skill Engine

Install, remove, and manage reusable skills. Canonical format with automatic transformation to your agent's native syntax.

$ tamer skill install debug-react
$ tamer skill list

Agent-Agnostic

One CLI for all your agents. Tamer wraps any CLI tool via PTY — no plugins or SDKs required.

$ tamer claude
$ tamer aider
$ tamer gemini
$ tamer cline
$ tamer -- any-cli-agent

Frequently asked questions

Which AI agents does tamer support?
Tamer wraps any CLI-based agent via PTY — no plugin or SDK required. Built-in adapters cover Claude Code, Aider, Gemini CLI, Cursor and Cline. Anything else can be wrapped with tamer -- <your-cli>.
Can I install tamer on my own servers?
Yes. Tamer is designed for on-premise deployment. Install the CLI on developer machines and self-host the relay server on your own infrastructure — Docker, fly.io, bare metal or your private VPC. Your code, secrets and PTY streams stay inside your network; the relay never reaches a third-party cloud.
Does tamer send my code or secrets to the cloud?
No. The relay only sees an encrypted PTY stream and redacted metadata. API keys, .env values and SSH keys never leave your machine. Encryption is AES-256-GCM end-to-end; the server is a blind transport.
How is the kernel sandbox different from a Docker container?
Tamer uses Linux Landlock, seccomp-BPF and optional bubblewrap on Linux, plus Job Object, Low Integrity Process and AppContainer on Windows. These primitives are unprivileged and start instantly — there is no daemon, no image and no root requirement, unlike a full container runtime.
Can I approve agent commands from my phone?
Yes. Tamer ships a Progressive Web App and Telegram alerts. Every dangerous command (bash, file deletion, supply-chain pattern) requires an explicit "Hold to Approve" confirmation from your phone before execution.
How do I allow Docker inside the sandbox?
By default, Docker credentials (~/.docker) are blocked inside the sandbox for security. To allow Docker access, remove ~/.docker from the file_deny list and add it to home_binds in your .tamer/config.yaml. The Docker socket (/var/run/docker.sock) is outside $HOME and accessible by default.

Ready to tame your agents?

Three commands to full control.

$ curl -fsSL https://server.tamer-ai.dev/install.sh | bash
$ tamer init
$ tamer claude
Try it free Installation Guide →