Your AI agent has full access to your machine. thane fixes that.

Sandbox, audit, and queue your AI coding agents — so you can let them work autonomously without the risk.

Download v0.1.0-beta.21All Downloads

Three problems every developer hits

AI coding agents are powerful. They're also unsandboxed, unaudited, and unsupervised. thane fixes all three.

My agent could wreck my system

OS-level sandboxing per workspace. Landlock + seccomp on Linux, Seatbelt on macOS. Your agent can’t touch anything you don’t explicitly allow.

Learn more ↓

I don’t trust what my agent is doing

Tamper-proof audit trail with SHA-256 hash chaining. Every file access, command execution, network call, and secret access is logged.

Learn more ↓

I waste time babysitting agent runs

Queue tasks with priorities and dependencies, then walk away. Token limit hit? The queue auto-pauses and resumes when your budget resets.

Learn more ↓

What you're missing

Running AI agents in a regular terminal? Here's what that looks like.

Regular terminal

  • OS-level sandboxing
  • Tamper-proof audit trail
  • Agent task queue
  • Cost & token tracking
  • PII / secret detection
  • Agent stall detection

thane

  • OS-level sandboxing
  • Tamper-proof audit trail
  • Agent task queue
  • Cost & token tracking
  • PII / secret detection
  • Agent stall detection

Sandboxed Workspaces

Every workspace can be its own sandbox. On Linux, Landlock LSM restricts file access and seccomp-bpf blocks dangerous syscalls at the kernel level. On macOS, Seatbelt profiles enforce entitlement-based restrictions. Network access is opt-in. Your agents work freely inside their boundaries — your system stays safe.

  • Per-workspace file restrictions (read-only, read-write, denied paths)
  • seccomp-bpf syscall filtering blocks privilege escalation (Linux)
  • Seatbelt deny-default profiles with explicit allows (macOS)
  • Network isolation toggle per workspace
  • Default blacklist: ~/.ssh, ~/.aws, ~/.gnupg, credentials, .env files

Tamper-Proof Audit Trail

Every security-relevant event is logged in an append-only JSONL file with SHA-256 hash chaining. Each entry references the previous entry’s hash — if anyone tampers with the log, the chain breaks. 20+ event types covering file access, command execution, network calls, sandbox violations, and secret detection.

  • SHA-256 hash-chained append-only event log
  • 20+ event types: file I/O, commands, network, secrets, PII
  • PII scanning: emails, SSNs, credit cards, API keys, SSH keys
  • Severity filtering (info / warning / alert / critical)
  • JSON export for compliance reporting and SIEM integration

Agent Queue

Queue up Claude Code tasks for headless execution via claude --print. Set priorities, chain dependencies between tasks, and let thane work through them unattended. When a token limit is hit, the queue auto-pauses and resumes when your budget resets. Review completed and failed task history with full output logs.

  • Headless execution — no workspace or terminal created
  • Priority-based scheduling with dependency chaining
  • Token limit auto-pause and resume
  • Per-task token usage tracking (input, output, cache)
  • Task history with full output logs for review

And everything else you'd expect

A complete terminal workspace for AI-native development.

Split Panes & Workspaces

Vim-style splits, tabs, leader key mode. Sessions auto-save every 8 seconds.

Embedded Browser

Full browser as a split pane with Vimium keyboard navigation.

Git Diff Viewer

Inline diffs with syntax highlighting, per-pane CWD awareness.

Agent Detection

Auto-detects 19 AI agents. See active, stalled, or idle status per workspace.

Cost & Token Tracking

Per-model pricing, input/output token counts, rate limit countdown.

Ghostty-Compatible Config

Familiar key=value format. Hot-reload on save.

Free for personal use

Every feature included for free. Enterprise adds centralized auditing and enforced policies for teams.

Free

Popular
$0forever

Every feature. No limits. No credit card.

  • OS-level sandboxing (Landlock, seccomp, Seatbelt)
  • Tamper-proof audit trail with SHA-256 chaining
  • Agent queue with priority scheduling & dependencies
  • Cost & token tracking with rate limit awareness
  • PII & secret detection
  • Split panes, workspaces & embedded browser
  • 19-agent auto-detection
  • Built-in git diff viewer
  • Session persistence & auto-save
Download Free

Enterprise

Coming Soon
$10/user/month

Prove compliance. Enforce policy.

  • Everything in Free
  • Enforced sandboxing policies
  • Enforced settings & configuration
  • Complete audit trail export
  • Real-time critical event alerts
  • PII & secret detection / protection
  • REST API access for integrations
  • Budget reports & cost controls
  • SSO & team management
  • Priority support
Coming Soon

Download thane

Get started in seconds. v0.1.0-beta.21 — Choose your platform.

macOS (Apple Silicon)thane-macos-arm64.dmg

Linux (Ubuntu / Debian / Fedora)

$curl -fsSL https://getthane.com/install.sh | bash

Windows 11 (via WSL)

Step 1: Install WSL (run in PowerShell as Admin, then reboot)
$wsl --install
Step 2: Install thane (run inside WSL after reboot)
$curl -fsSL https://getthane.com/install.sh | bash
Step 3: Launch thane (run inside WSL)
$thane

Native on every platform — not Electron. Dark mode, JetBrains Mono NL bundled, platform-native shortcuts.