Skip to content
/
Tier A A9 Sandbox substrate

VibeKit

vibekit · superagent-ai/vibekit · ★ 1.8k · last commit 2026-01-13

Primitive shape
No installable primitives
00

Summary

VibeKit — Summary

VibeKit is a TypeScript SDK and CLI (vibekit) for running any coding agent (Claude Code, Gemini CLI, Codex, Grok, OpenCode) inside isolated Docker containers with sensitive-data redaction and observability baked in. Its core value is a fluent SDK (VibeKit) that chains .withAgent(), .withSandbox(), .withGithub(), .withSecrets() together, routes to a pluggable sandbox backend (E2B, Daytona, Northflank, Modal, Cloudflare, Dagger, Blaxel, or Beam), and exposes a generateCode() method that runs the selected agent in the selected sandbox. It supports git worktree-based isolation for branch development and can auto-create GitHub PRs via .createPullRequest(). It is the most "glue layer" project in this batch — it sits between agent frameworks (providing the agent selection) and sandbox infrastructure (providing pluggable backends), rather than being either. The seed frameworks all operate within the agent loop via prompts/skills/hooks; VibeKit operates at the agent-dispatch layer, composing agents + sandboxes without injecting behavioral instructions.

01

Overview

VibeKit — Overview

Origin

VibeKit (superagent-ai/vibekit) is built by Superagent Technologies Inc. as a TypeScript SDK focused on safe, observable agent execution. As of May 2026: 1,790 stars, 18 contributors, MIT license. Last commit January 2026.

Philosophy

From the README: "VibeKit is the safety layer for your coding agent. Run Claude Code, Gemini, Codex — or any coding agent — in a clean, isolated sandbox with sensitive data redaction and observability baked in."

Key design values:

  • Universal agent support: Works with Claude Code, Gemini CLI, Grok CLI, Codex CLI, OpenCode
  • Pluggable sandboxes: Multiple backend providers (E2B, Daytona, Northflank, Modal, Cloudflare, Dagger, Blaxel, Beam)
  • Built-in redaction: Auto-removes secrets, API keys, sensitive data from agent outputs
  • Works offline & locally: No cloud dependencies required (with local Docker sandbox)
  • Observability: Real-time logs, traces, metrics

Positioning

VibeKit is a "glue layer" — it orchestrates the connection between:

  1. An LLM agent type (Claude, Codex, Gemini, etc.)
  2. A sandbox provider (E2B, Daytona, Docker, etc.)
  3. Git integration (worktrees, branches, PR creation)
  4. Secret management (redaction + environment forwarding)

This makes it different from pure sandbox infrastructure (E2B, Daytona, microsandbox) and different from pure agent behavior frameworks (seeds).

Packages

The monorepo (packages/) contains:

  • cli — VibeKit CLI (vibekit)
  • sdk — Core TypeScript SDK (@vibe-kit/sdk)
  • auth — Authentication (@vibe-kit/auth)
  • e2b — E2B sandbox provider (@vibe-kit/e2b)
  • daytona — Daytona sandbox provider (@vibe-kit/daytona)
  • northflank — Northflank provider
  • modal — Modal provider
  • cloudflare — Cloudflare provider
  • dagger — Dagger CI/CD provider
  • blaxel — Blaxel provider
  • beam — Beam provider
  • dashboard — (listed)
02

Architecture

VibeKit — Architecture

Distribution

  • CLI: npm install -g vibekitvibekit claude, vibekit codex, vibekit gemini
  • SDK: npm install @vibe-kit/sdk + provider package (@vibe-kit/e2b, @vibe-kit/daytona, etc.)
  • Platform: Node.js, TypeScript; works with local Docker or cloud sandbox providers

Monorepo Structure

vibekit/
├── packages/
│   ├── cli/           — vibekit CLI (npm: vibekit)
│   ├── sdk/           — Core SDK (@vibe-kit/sdk)
│   ├── auth/          — Auth helpers (@vibe-kit/auth)
│   ├── e2b/           — E2B sandbox provider
│   ├── daytona/       — Daytona sandbox provider
│   ├── northflank/    — Northflank provider
│   ├── modal/         — Modal provider
│   ├── cloudflare/    — Cloudflare provider
│   ├── dagger/        — Dagger provider
│   ├── blaxel/        — Blaxel provider
│   ├── beam/          — Beam provider
│   └── dashboard/     — Dashboard package
├── templates/         — Sandbox template definitions
├── docs/              — Documentation
├── test/              — Integration tests
└── package.json       — monorepo root

SDK Architecture

Fluent builder pattern:

const vibeKit = new VibeKit()
  .withAgent({ type: "claude", provider: "anthropic", apiKey: "...", model: "..." })
  .withSandbox(sandboxProvider)
  .withGithub({ token: "...", repository: "owner/repo" })
  .withSecrets({ "DATABASE_URL": "..." })
  .withWorktrees({ cleanup: true })
  .withWorkingDirectory("/path/to/project")
  .withSession("existing-sandbox-id");  // reuse session

Key operations:

  • vibeKit.generateCode({ prompt, mode }) — run agent in sandbox
  • vibeKit.createPullRequest() — auto-create GitHub PR
  • vibeKit.kill() — stop sandbox

Provider Pattern

Each sandbox provider package exports a create<Provider>Provider() factory function. Providers implement a common interface consumed by the SDK core.

Required Runtime

  • Node.js ≥ 18
  • Docker (for local Docker sandbox provider)
  • API keys for cloud providers (E2B, Daytona, Northflank, etc.) if used
03

Components

VibeKit — Components

CLI (vibekit)

Command Purpose
vibekit claude Run Claude Code in isolated Docker container
vibekit codex Run Codex in isolated Docker container
vibekit gemini Run Gemini CLI in isolated Docker container
vibekit grok Run Grok CLI in isolated Docker container
vibekit opencode Run OpenCode in isolated Docker container

SDK Core (@vibe-kit/sdk)

Builder Methods

Method Purpose
.withAgent(config) Select agent (type, provider, apiKey, model)
.withSandbox(provider) Select sandbox backend
.withGithub(config) GitHub token + repo for PR creation
.withWorkingDirectory(path) Set working directory
.withSecrets(env) Environment variables (redacted in outputs)
.withSession(id) Reuse existing sandbox session
.withWorktrees(config) Git worktree isolation + cleanup

Primary Operations

Method Purpose
generateCode({ prompt, mode, branch?, history? }) Run agent in sandbox
createPullRequest(labelOptions?, branchPrefix?) Auto-create GitHub PR
kill() Stop and cleanup sandbox
.on("update", handler) Stream agent updates
.on("error", handler) Stream errors

Sandbox Providers

Package Provider Notes
@vibe-kit/e2b E2B createE2BProvider({ apiKey, templateId })
@vibe-kit/daytona Daytona createDaytonaProvider({ apiKey, image })
@vibe-kit/northflank Northflank createNorthflankProvider({ apiKey, image })
@vibe-kit/modal Modal createModalProvider({ image }) — requires CLI setup
@vibe-kit/cloudflare Cloudflare Workers createCloudflareProvider(...)
@vibe-kit/dagger Dagger CI/CD createDaggerProvider(...)
@vibe-kit/blaxel Blaxel createBlaxelProvider(...)
@vibe-kit/beam Beam createBeamProvider(...)

Supported Agents

  • type: "claude" — Claude Code
  • type: "codex" — OpenAI Codex
  • type: "opencode" — OpenCode
  • type: "gemini" — Google Gemini CLI
  • type: "grok" — xAI Grok CLI

Auth Package (@vibe-kit/auth)

Handles MAX subscription authentication for accessing agents via auth flows.

05

Prompts

VibeKit — Prompts

VibeKit ships no agent prompt files, skills, hooks, or behavioral injection in the SDK repository. It routes prompts written by the application developer to the selected agent, but does not itself define agent behavior.

Verbatim: SDK Quickstart (README)

import { VibeKit } from "@vibe-kit/sdk";
import { createE2BProvider } from "@vibe-kit/e2b";

const e2bProvider = createE2BProvider({
  apiKey: process.env.E2B_API_KEY!,
  templateId: "vibekit-claude",
});

const vibeKit = new VibeKit()
  .withAgent({
    type: "claude",
    provider: "anthropic",
    apiKey: process.env.ANTHROPIC_API_KEY!,
    model: "claude-sonnet-4-20250514",
  })
  .withSandbox(e2bProvider);

vibeKit.on("update", (update) => { console.log("Update:", update); });
vibeKit.on("error", (error) => { console.error("Error:", error); });

const result = await vibeKit.generateCode({
  prompt: "Create a simple web app that displays a list of users",
  mode: "code",
});

await vibeKit.kill();

Technique: Fluent builder pattern. The prompt field is application-provided — VibeKit passes it to the selected agent. VibeKit itself adds no system prompt or behavioral instruction.

Verbatim: CLI Usage (README)

npm install -g vibekit
vibekit claude

Technique: Zero-config agent launch. The CLI wraps Claude Code in a Docker container with redaction and observability. The agent's own prompt engineering (CLAUDE.md, skills, etc.) applies normally.

Verbatim: LLM.md (Project-Level Agent Instructions)

The repo ships an LLM.md file which is equivalent to a CLAUDE.md for contributors. From the README listing:

LLM.md  — developer instructions for AI coding agents contributing to VibeKit

(Full content not fetched, but this is contributor tooling, not user-facing agent behavior.)

Assessment

VibeKit is a routing/execution layer. Prompts flow through it but are not modified or supplemented by VibeKit. The redaction feature strips sensitive data from agent outputs, not inputs. Zero behavioral instruction injection.

09

Uniqueness

VibeKit — Uniqueness & Positioning

differs_from_seeds

VibeKit is architecturally between the seed frameworks and pure sandbox infrastructure. Seed frameworks (superpowers, BMAD, claude-flow, openspec, etc.) operate inside the agent loop, injecting behavioral instructions via skills/hooks/personas. Pure sandbox infrastructure (E2B, Daytona, microsandbox) provides isolated execution environments without touching agent behavior. VibeKit sits at the agent-dispatch layer: it selects which agent to run (Claude/Codex/Gemini/Grok/OpenCode), which sandbox to use (E2B/Daytona/Docker/etc.), how to isolate work (git worktrees), and how to surface results (GitHub PR creation, event streaming). It does not inject behavioral instructions into the agent — the agent's own prompt engineering applies normally. The closest seed is perhaps claude-conductor (which provides infrastructure templates for agent management) but claude-conductor is methodology-doc while VibeKit is a live SDK with code execution.

Positioning Within This Batch

VibeKit is uniquely a "meta-abstraction layer":

  • vs E2B/Daytona/microsandbox: Those are sandbox infrastructure; VibeKit adds agent selection + redaction + git integration + PR creation on top
  • vs brood-box: brood-box is a local microVM wrapper for specific agents; VibeKit is a TypeScript SDK with pluggable cloud backends
  • vs arrakis: arrakis is a self-hosted server; VibeKit is an npm SDK with multiple backend options

Distinctive Opinion

The safety layer between an application and an AI coding agent should be: (1) pluggable across agent types, (2) pluggable across sandbox backends, (3) redact sensitive data by default, and (4) make PR creation a first-class operation.

Explicit Antipatterns

  • Tying applications to a single agent type or sandbox provider
  • Exposing secrets in agent output streams

Observable Failure Modes

  1. Last commit January 2026: Development appears to have slowed; may be unmaintained
  2. Node.js only: TypeScript/npm ecosystem only — no Python, Go, or Rust SDK
  3. Docker dependency for local: Local sandbox requires Docker daemon
  4. Redaction accuracy: Auto-redaction heuristics may miss novel secret patterns or have false positives
  5. Provider instability: 8 sandbox providers = 8 external dependencies that can break

Cross-References in This Batch

  • Ships @vibe-kit/e2b provider — E2B is a direct dependency
  • Ships @vibe-kit/daytona provider — Daytona is a direct dependency
  • CLI runs agents in Docker containers — independent of microsandbox/brood-box
04

Workflow

VibeKit — Workflow

CLI Workflow (Simplest)

npm install -g vibekit
export ANTHROPIC_API_KEY="sk-ant-..."
vibekit claude

SDK Workflow (Full)

import { VibeKit } from "@vibe-kit/sdk";
import { createE2BProvider } from "@vibe-kit/e2b";

const e2bProvider = createE2BProvider({ apiKey: process.env.E2B_API_KEY! });

const vibeKit = new VibeKit()
  .withAgent({
    type: "claude",
    provider: "anthropic",
    apiKey: process.env.ANTHROPIC_API_KEY!,
    model: "claude-sonnet-4-20250514",
  })
  .withSandbox(e2bProvider)
  .withGithub({ token: process.env.GITHUB_TOKEN!, repository: "owner/repo" })
  .withWorktrees({ cleanup: true });

// Stream updates
vibeKit.on("update", (update) => console.log("Update:", update));
vibeKit.on("error", (error) => console.error("Error:", error));

// Generate code
const result = await vibeKit.generateCode({
  prompt: "Create a React todo app",
  mode: "code",
});

// Auto-create PR
await vibeKit.createPullRequest();

// Cleanup
await vibeKit.kill();

Phases

Phase What Happens Artifact
1. Agent Config .withAgent() selects agent type + model + credentials Agent config
2. Sandbox Init .withSandbox() connects to chosen provider Sandbox provider
3. Code Generation generateCode() runs agent in sandbox Code result + conversation history
4. (Optional) PR Creation createPullRequest() commits and opens PR GitHub PR URL
5. Cleanup kill() stops sandbox (none)

Worktree Pattern

.withWorktrees({
  root: "/custom/worktree/path",  // optional
  cleanup: true                    // auto-cleanup after (default: true)
})

With worktrees enabled, each generateCode() call with a branch parameter creates an isolated git worktree for the work.

Approval Gates

None in the automated flow. generateCode() returns when the agent finishes. PR creation is a manual explicit call, not automatic.

Conversation History

The history parameter in generateCode() allows multi-turn conversations by passing prior conversation turns.

06

Memory Context

VibeKit — Memory & Context

Conversation History

VibeKit supports multi-turn conversations via the history parameter in generateCode():

const result1 = await vibeKit.generateCode({ prompt: "Create a React component", mode: "code" });

const result2 = await vibeKit.generateCode({
  prompt: "Now add TypeScript types to it",
  mode: "code",
  history: result1.history,  // pass prior conversation history
});

This is pass-through — VibeKit forwards the history to the underlying agent; it does not process or summarize it.

Session Reuse

.withSession("existing-sandbox-id")

Allows reusing an existing sandbox session, maintaining sandbox filesystem state across SDK calls.

Git Worktrees for State Isolation

.withWorktrees({ cleanup: true })
generateCode({ prompt: "...", branch: "feature-xyz" })

With worktrees enabled, each branch gets an isolated git worktree. The worktree persists until cleanup runs. This provides file-system-level state isolation per branch, not per sandbox.

No Framework-Level Memory

VibeKit has no:

  • Vector database
  • SQLite memory store
  • Cross-session agent context compaction
  • Knowledge graph

Memory management is entirely the application's responsibility. VibeKit only handles the conversation history pass-through and sandbox session reuse.

Sensitive Data Handling

The redaction feature automatically removes secrets, API keys, and other sensitive data from agent outputs (streamed via on("update")). This is output-side filtering, not a memory system.

07

Orchestration

VibeKit — Orchestration

Multi-Agent Support

Multiple VibeKit instances can run concurrently (each manages one agent+sandbox pair). No built-in coordination between instances.

Isolation Mechanism

Container (Docker, local default) or pluggable cloud sandbox provider (E2B, Daytona, Northflank, etc.). The isolation level depends on the chosen provider:

  • Local Docker: namespace-based container isolation
  • E2B: cloud sandbox
  • Daytona: OCI/container with dedicated kernel

Execution Mode

Interactive one-shot (CLI) or programmatic on-demand (SDK). generateCode() runs until the agent completes; it returns results. No background daemon.

Orchestration Pattern

None built-in. VibeKit is an SDK — the application orchestrates multiple VibeKit instances if needed.

Multi-Model

No within a single VibeKit instance. However, the SDK is explicitly designed to switch between model providers — type: "claude" vs type: "codex" vs type: "gemini" are first-class choices. An application could create multiple VibeKit instances with different agents.

Git Automation

Yes — explicit, not automatic:

  • .withWorktrees(): git worktree isolation per branch
  • .createPullRequest(): creates a GitHub PR from the branch (explicit call, not automatic)
  • branch parameter in generateCode(): targets a specific branch

Observability

  • vibeKit.on("update", handler): real-time streaming of agent output
  • vibeKit.on("error", handler): error streaming
  • Built-in redaction of sensitive data in update stream
  • "Complete visibility into agent operations with real-time logs, traces, and metrics" (from README)

Consensus Mechanism

None.

Prompt Chaining

Not built-in, but supported via the history parameter — conversation history from one call can feed the next.

08

Ui Cli Surface

VibeKit — UI & CLI Surface

CLI Binary (vibekit)

  • Binary name: vibekit
  • Install: npm install -g vibekit
  • Is thin wrapper: Yes — wraps chosen agent in Docker container with redaction + observability
  • Subcommands: claude, codex, gemini, grok, opencode

Local Web Dashboard

A dashboard package exists in packages/dashboard. Details not accessible without reading the package source, but it likely provides UI for monitoring agent sessions.

SDK Event Streaming

The primary observability surface for SDK users:

vibeKit.on("update", (update) => {
  // Real-time agent output (after redaction)
  console.log("Update:", update);
});

vibeKit.on("error", (error) => {
  console.error("Error:", error);
});

Notable Feature: Sensitive Data Redaction

Auto-removes secrets, API keys, and sensitive data from agent output streams before they reach the application. This is a passive filter — the agent inside the sandbox sees everything, but the application receives redacted output.

Auth Package

@vibe-kit/auth handles MAX subscription authentication flows for using agents via Anthropic MAX or similar subscription services.

IDE Integration

None. VibeKit is used programmatically from application code or via the CLI.

Testing

npm run test  # vitest-based test suite

Related frameworks

same archetype · same primary tool · same memory type

Daytona ★ 72k
A9 Sandbox substrate

Provide secure, elastic, sub-90ms sandbox compute infrastructure for running AI-generated code, accessible via multi-language…

CUA ★ 17k
A9 Sandbox substrate

Unified SDK for building, benchmarking, and deploying agents that interact with full OS GUIs via isolated VMs.

E2B ★ 12k
A9 Sandbox substrate

Run AI-generated code safely in cloud-hosted isolated sandboxes via a 3-line SDK integration.

OpenSandbox ★ 11k
A9 Sandbox substrate

Protocol-first general-purpose sandbox platform for AI applications with multi-language SDKs and pluggable isolation backends.

Microsandbox ★ 6.3k
A9 Sandbox substrate

Spawn hardware-isolated microVMs as child processes directly from application code, with no server setup, in under 100ms.

CubeSandbox ★ 5.9k
A9 Sandbox substrate

Sub-60ms KVM microVM sandboxes for AI agents with E2B drop-in compatibility and <5MB memory overhead.