# repoman

**A safety harness for AI-assisted development. Per-project Incus containers, opinionated NFS backup.**

*An open-source project from [Leafscale, LLC](https://www.leafscale.com).*

AI coding agents — Claude Code, Aider, Cline, Continue, Gemini CLI — are extraordinarily productive when you give them broad permissions. They are also extraordinarily good at "fixing" things you didn't ask them to touch: rewriting the wrong file, mass-editing the wrong directory, running an install script against the host, deleting a path they misread, pushing a stray commit before you can stop them.

`repoman` puts each project inside its own [Incus](https://linuxcontainers.org/incus/) (LXC) container — a full Linux environment with its own root filesystem, package manager, and PATH — and bind-mounts just the repo's working directory into it. The agent gets a real shell that feels like its own VPS. **The host doesn't.**

## What that buys you

- **Your host OS stays sealed.** The agent can `apt install` whatever it wants, mangle its `/etc`, scribble into `/usr`, install systemd units — none of it reaches the host kernel, host services, or other projects. Reset is one command: `repoman remove && repoman new`.

- **One repo, one blast zone.** Every project gets its own container in the `repoman` Incus namespace. An agent loose in project A cannot see project B. No accidental cross-edits, no shared `node_modules` corruption, no rogue file watchers.

- **Source code survives mistakes.** Your repo lives on the host at `~/repos/<name>`; the container sees it through a uid-shifted bind mount. `repoman remove` deletes the container — **never the repo**. And `repoman sync` mirrors all your repos to NFS, so if the agent does mangle the working tree, last night's copy is still on the file server. Run that NFS on ZFS and snapshots give you full scroll-back.

- **`--dangerously-skip-permissions` stops being dangerous.** That's the whole point: run agents with the gloves off, knowing the worst case is "throw away the container."

- **Agents share what should be shared, nothing else.** A vendor profile library can bind-mount things like `~/.claude` (auth + history + plugins) into every container — one login, every project — without dragging in your SSH keys, browser cookies, or shell config.
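
One way to check the "nothing else" claim for a given container, as an added example (not part of repoman or its documentation): the function below reads the YAML that `incus config device show <instance>` prints and flags every disk device whose host `source:` lies outside an allowlist. The device names, paths and sample output are constructed for illustration and do not describe repoman's actual device layout.

```shell
#!/usr/bin/env bash
# Added example: audit which host paths a container reaches via disk devices.
# Input on stdin: YAML as printed by `incus config device show <instance>`.
# Usage: audit_mounts ALLOWED_PREFIX... < devices.yaml
# Prints OK/FLAG per bind-mounted source; returns 1 if anything is flagged.
# Limitation: paths containing spaces are not handled.
audit_mounts() {
  awk -v allow="$*" '
    function flush(   i, ok) {
      # Only disk devices with a host source are bind mounts (root uses pool:).
      if (dev == "" || kind != "disk" || src == "") return
      ok = 0
      for (i = 1; i <= n; i++)
        if (src == pre[i] || index(src, pre[i] "/") == 1) ok = 1
      # A ".." component could escape an allowed prefix, so never accept it.
      if (src ~ /(^|\/)\.\.(\/|$)/) ok = 0
      printf "%s %s -> %s\n", (ok ? "OK" : "FLAG"), dev, src
      if (!ok) bad = 1
    }
    BEGIN { n = split(allow, pre, " ") }
    /^[^ ]+:$/   { flush(); dev = $1; sub(/:$/, "", dev); kind = src = ""; next }
    /^  type:/   { kind = $2; gsub(/"/, "", kind) }
    /^  source:/ { src = $2;  gsub(/"/, "", src) }
    END { flush(); exit bad + 0 }
  '
}

# Constructed sample: a repo mount, a shared agent directory, and one
# device that should not be there (hypothetical names and paths).
SAMPLE_DEVICES='repo:
  path: /workspace
  shift: "true"
  source: /home/dev/repos/my-project
  type: disk
claude:
  path: /root/.claude
  source: /home/dev/.claude
  type: disk
sshkeys:
  path: /root/.ssh
  source: /home/dev/.ssh
  type: disk
root:
  path: /
  pool: default
  type: disk'

printf '%s\n' "$SAMPLE_DEVICES" | audit_mounts /home/dev/repos /home/dev/.claude || true
```

`incus config device show` lists only devices set on the instance itself; devices inherited from profiles appear in `incus config show --expanded`, which nests them under a `devices:` key and would need a different parser.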

## What it is, technically

- A single static binary (`repoman`) compiled from [reef-lang](https://reef-lang.org). No runtime to install, no Python, no Node.
- Built on **Incus**, the LXC fork that runs containers as proper Linux hosts (not application sandboxes like Docker). Real init, real services, real package managers.
- Linux-only, single-user, homelab-shaped. Niche by design.

## A minute of it

```bash
repoman setup                    # one-time host bootstrap
repoman profile install --all    # install vendor profiles (claude-share, llm-share, dotfiles)
repoman new my-project           # create container + bind-mount ~/repos/my-project
repoman shell my-project         # drop into it; let the agent off the leash
repoman sync                     # rsync every repo to NFS for backup
repoman remove my-project        # toss the container; the repo on host is untouched
```

---

Copyright (C) 2026, [Leafscale, LLC](https://www.leafscale.com). Released as open-source software; see the LICENSE file in the source tree for terms.
