Public Alpha - macOS only (for now) Free to use

The secure
AI app runtime and toolkit for coding agents.

Build, run, test, and share local-first AI apps
sandboxed end-to-end.

See Real Apps How It Works
bash
# Install CapaKit:
$curl -fsSL https://capakit.com/install.sh | sh
# Run any AI app straight from GitHub:
$capakit run https://github.com/capakit/hello-world-demo-kit
[✓]App [hello-world] is running
[i]runtime: [ephemeral seatbelt sandboxes on macOS]
[i]host network endpoints:
protocol=[mcp] endpoint=[/mcp] url=http://127.0.0.1:50958/mcp
press Ctrl-C to stop

When you tell an agent
what to build, you inherit how it built it.

AI apps quietly become your responsibility. Most tooling only sandboxes the runtime, completely ignoring the risky, messy parts before it.

The Problem
Build Phase Exposed
Your Host
Secrets
Files
Run Phase Safe

Most tools only sandbox the running code.

  • Leaked Secrets Baked directly into code and configuration files.
  • Broad Permissions Agents operate with full access to your host machine.
  • Unsandboxed Builds Arbitrary scripts executing during `npm install` or builds.
The Solution
CapaKit Sandbox
Build Phase Safe
Run Phase Safe

Sandbox the entire app lifecycle.

  • No inherited environment or broad filesystem access.
  • No network by default. Traffic must be explicitly allowed.
  • Ephemeral, single-use sandboxes for every build and run.
  • Secrets resolved on-demand, never hardcoded.
The Definition

What Is an "AI App"?

It's a self-contained, sharable unit with AI functionality. If it has AI inside and you want to run, test, and share it safely — it's an AI app.

Standalone Web Interfaces Applications that ship entirely with their own built-in web UI.
Agentic Integrations Tools that plug directly into your agents via MCP or skill sets.
Models
Assets
Prompts
AI app Kit
Web UI
MCP

Why CapaKit?

AI apps come with burdens that quietly land on you.
CapaKit takes them off your plate.

Security

Managing secrets, permissions, and blocking unwanted network access.

Handled by default and tailored for each app minimal needs.

Testing

Making sure code, logic, and agent flows work reliably end-to-end.

Structured testing from a service to full integration tests, run in isolation.

Deployment

Wiring up network endpoints, resolving dependencies, and manual installs.

Point CapaKit to GitHub, package or unpacked folder, it works.

Built for the Agentic Stack

MCP
A2A
OpenAI-compatible APIs
Skills

CapaKit natively speaks the protocols your agents already use. The same manifest runs locally today — and is designed to run anywhere tomorrow.

How It Works

One command. Sandboxed from build to runtime. No setup ceremony.

Workflow
# Run an AI app straight from GitHub:
$ capakit run https://github.com/capakit/hello-world-demo-kit
[✓] App [hello-world] is running
[i] runtime: [ephemeral seatbelt sandboxes on macOS]
[i] App Kit origin: https://github.com/capakit/hello-world-demo-kit
[i] host network endpoints:
protocol=[mcp] endpoint=[/mcp] url=http://127.0.0.1:55020/mcp
press Ctrl-C to stop
# Run it and install it locally as a Codex skill:
$ capakit run https://github.com/capakit/hello-world-demo-kit --global-skill codex
[✓] App [hello-world] is running
[i] runtime: [ephemeral seatbelt sandboxes on macOS]
[i] App Kit origin: https://github.com/capakit/hello-world-demo-kit
[i] skill provider: [codex] root=/Users/user/.codex/skills
[i] Kit endpoint [/mcp] is installed as a local skill
[i] skill commands:
[hello-world]
[i] host skill files:
/Users/user/.codex/skills/hello-world/SKILL.md
/Users/user/.codex/skills/hello-world/hello-world
/Users/user/.codex/skills/hello-world/.hello-world.conf
installed skill files are temporary and will be deleted when this command exits
press Ctrl-C to stop
# Clone and make it your own:
$ git clone https://github.com/capakit/hello-world-demo-kit
$ cd hello-world-demo-kit
# Run tests in isolation:
$ capakit test
[i] test: loaded manifest file=[capability-test.yml] cases=[2]
[i] preparing workload command=[bun install]
[i] test: invoking exec preflight=[hello workload typechecks] command=[bun x tsc --noEmit]
[✓] test passed: hello workload typechecks
[i] test: AI app ready mode=[managed]
[i] mcp access method=[tools/call] path=[/mcp] tool=[hello-world] status=[200] outcome=[ok]
[✓] test passed: hello world tool returns structured text
[i] test: AI app stopped
# Share it as a single file:
$ capakit kit package --out hello-world-demo-kit.capakit
[✓] created package at hello-world-demo-kit.capakit
$ capakit run hello-world-demo-kit.capakit
[✓] App [hello-world] is running
[i] runtime: [ephemeral seatbelt sandboxes on macOS]
[i] App Kit origin: hello-world-demo-kit.capakit
[i] host network endpoints:
protocol=[mcp] endpoint=[/mcp] url=http://127.0.0.1:55569/mcp
press Ctrl-C to stop

Building a new AI app?

Just ask your coding agent to use capakit and tell it the app you want — like you normally do.

Running an existing one?

Just a single command to safely run, test, or install it globally. The entire lifecycle is isolated automatically.

See Real Apps

Built with CapaKit. Runnable with a single command straight from GitHub.

Kids Storybook Creator

Source ↗
stable-diffusion llama-cpp web UI MCP
Kids Storybook Creator app screenshot
$ capakit run \
https://github.com/capakit/kids-storybook-creator-demo-kit \
--mount models=~/.capakit/models # cache dir

Local Image Tagger

Source ↗
vision llama-cpp web UI MCP
Local Image Tagger app screenshot
$ capakit run \
https://github.com/capakit/local-image-tagger-demo-kit \
--mount images=/path/to/images \
--mount models=~/.capakit/models

Real Time Voice Chat

Source ↗
voice llama-cpp web UI
Realtime Voice app screenshot
$ capakit run \
https://github.com/capakit/realtime-voice-demo-kit \
--mount models=~/.capakit/models

Created a cool app?

Submit a PR to feature your AI app in the official app registry and share it with the community.

View App Registry ↗

Kit Anatomy

A kit is the unit teams can standardize on.

Structure
hello-world-demo-kit/
Agent guidance
Capability manifest
Capability checks
Workload root
workloads/hello/
Source
Project summary
capability.yml 
version: '1'
name: hello-world

workloads:
  hello:
    endpoints:
      - mcp
    runtime:
      source:
        toolchain: bun
        prepare:
          command: bun install
          allow_network: true
        start:
          command: bun run src/index.ts

Who Is CapaKit For?

  • Developers & teams Going through AI-native transformation and needing standardized practices.
  • Builders Spinning up quick POCs with local/remote models, web UIs, MCP, A2A, or skills.
  • Security-conscious engineers Who don't want to run unknown or 3rd party code unsandboxed on their machine.

CapaKit Philosophy

  • Local-first You build it, you own it. You can run it anywhere any time, even offline.
  • Agent-native Designed from the ground up to be driven, written, and understood by coding agents.
  • Secure by default Isolation is treated as a first-class concern, not an afterthought.