One security layer between AI agents and your infrastructure

Let researchers use AI agents without putting your infrastructure at risk. Policy-controlled sandboxes with scoped filesystems, credential blocking, network policies, and full audit trails.

npm i -g labgate

Built for HPC clusters and institutional environments.

See the quickstart guide for installation instructions.

macOSLinux
Why LabGate?

Same agent, now with guardrails

Wrap claude with labgate claude to add container isolation, file policies, and audit logging — without changing your workflow.

Without LabGateUnrestricted
Runs directly on host filesystem
No container or namespace isolation
No centralized audit log
With LabGateSandboxed
Live Dashboard

Sandboxed agents you can actually observe

Isolation is just the start. Because every session runs through LabGate, you get full visibility into what each agent is doing — files touched, commands run, time spent — all in one live dashboard.

LabGate Dashboard — Sessions
claudec9eacafdThinking
~/genomics-pipeline
12m 34s
claudea1b2c3d4Running command
~/protein-folding
3m 12s
codexe5f6a7b8Idle
~/rnaseq-analysis
45m 02s
Security Monitoring

Watch every file access in real time

See exactly which files agents read, write, or get blocked from accessing. Sensitive paths like .ssh, .aws, and .env are automatically blocked.

LabGate Dashboard — File Access Log
TimePathActionDetail
09:14:23/work/src/index.tsreadAgent read source file
09:14:24/work/package.jsonreadAgent read package manifest
09:14:25~/.ssh/id_rsablockedBlocked by pattern **/.ssh
09:14:26/work/src/auth.tswriteAgent wrote refactored code
09:14:27~/.aws/credentialsblockedBlocked by pattern **/.aws
09:14:28/work/.envblockedBlocked by pattern **/.env
09:14:29/work/src/utils.tsreadAgent read utility module
SLURM Integration

Your agent knows what’s running on the cluster

LabGate connects to SLURM via an MCP server. The agent can check job status, submit new jobs, and react to completions — no manual copy-pasting of job IDs.

SLURM JobsMCP connected
Job IDNameStatusTime
4829371blast-all-vs-all Running02:34:12
4829365alphafold-predict Running05:12:44
4829358rnaseq-alignCompleted01:22:05
4829390variant-callingPending
4829342qc-pipelineFailed00:02:13
labgate claude ~/genomics-pipeline
Built-in Tools

Your agent already knows your data

Register datasets once and every sandboxed agent can discover, browse, and read them automatically — no copy-pasting paths, no manual mounting. Control access with read-only or read-write modes, per-user or enforced institution-wide.

Browse & search
Agents list available datasets, search by filename patterns, and inspect directory structures
Read with controls
Mount datasets as read-only or read-write — agents can only access what you allow
Results registry
Agents save findings and outputs so they persist across sessions
LabGate — Dataset Registry
NameSourceModeSize
genomesReference genomes (hg38, mm10)
HPC-wideread-only48 GB
proteomicsMass-spec results Q1–Q3
HPC-wideread-only6.2 GB
cohort-2024Patient cohort sequencing data
Userread-write120 GB
labgate claude ~/genomics-pipeline
Results Registry

Every finding saved, nothing lost between sessions

Through a built-in MCP server, agents record findings, outputs, and analysis results into a structured registry as they work. Every entry links back to its session, working directory, and artifacts — making results reproducible and traceable. Pick up where the last session left off, or let another agent continue the work.

LabGate — Results
Search results...
Allclaudecodex
BLAST alignment completedclaude
All-vs-all BLAST finished on 4 GPU nodes. Top 12 hits exported to results/blast_top_hits.csv with E-value < 1e-10.
blastgenomicscompleted
2m ago·c9eacafd·2 artifacts
Differential expression analysisclaude
DESeq2 identified 347 significantly differentially expressed genes (padj < 0.05). Volcano plot saved.
rnaseqdeseq2statistics
18m ago·a1b2c3d4·2 artifacts
Protein structure predictioncodex
AlphaFold predicted structure for 3 target proteins. pLDDT scores: 92.1, 87.4, 78.9. PDB files exported.
alphafoldproteomicsstructure
1h ago·e5f6a7b8·2 artifacts
Competitive Landscape

How LabGate compares

LabGateRaw AI AgentsIT "Just Ban It"Generic Sandboxes
Researchers can use AI agents
Fine-grained access controlN/APartial
SLURM integrationN/A
Credential isolationN/APartial
Audit trail / SIEM exportN/A
Apptainer nativeN/A
No root requiredN/A
Network policy per sessionPartial
Multi-agent supportPartial
Pricing

Start free, scale with your institution

LabGate is free for personal and research use. Enterprise plans add institution-wide management.

Personal

Free

For individual researchers

Full sandbox functionality for personal projects and research. No limits, no sign-up.

  • All sandbox features
  • Apptainer (HPC-default)
  • Credential blocking & network isolation
  • JSONL audit logging
  • Claude Code & Codex support
  • Community support
Get Started
Enterprise

Institution

Institution-wide deployment

Institution-wide policies that override user settings. Enforce network, filesystem, and audit rules across every cluster.

  • Everything in Personal
  • Central policy management across clusters
  • Institution-wide config that overrides user settings
  • Compliance exports & reporting
  • Multi-cluster deployment & management
  • Dedicated support & onboarding
Contact Us
New in v0.5

Recently shipped

These features are live and available now. Install or upgrade to get them.

Live

SLURM Job Tracking

Monitor and manage SLURM jobs from the dashboard or CLI. Automatic polling, job state tracking in SQLite, output tailing, and one-click cancellation.

Live

SLURM MCP Server

Model Context Protocol server exposing SLURM tools to agents: list jobs, get status, read output, and cancel — all within the sandbox security boundary.

Live

Dataset Registry

Mount named datasets into the sandbox with read-only or read-write access. Descriptions are automatically injected into agent context for discovery.

Live

Web Dashboard

Real-time browser dashboard showing active sessions, security events, blocked commands, and SLURM jobs. Manage settings, datasets, and policies from one place.

Live

Institution Policies

Central policy files at /etc/labgate/policy.json that override user settings. Force runtime, images, network modes, and audit requirements cluster-wide.

Live

Instruction Injection

Automatically inject LabGate context into CLAUDE.md or AGENTS.md — path mappings, mounted datasets, SLURM guidance, and session-specific instructions.

Coming Soon

What's next

LabGate continues to expand with new integrations and management capabilities for research teams.

Planned

Project Templates

Ready-made CLAUDE.md templates for common workflows. Agents start with domain context, coding conventions, and project structure built in.

Planned

Shared Tool Library

Institution-managed collections of tools pre-installed in sandbox images. Define approved toolchains once, use them across every session.

Planned

Usage Analytics

Dashboards showing agent usage across your institution: sessions per user, tokens consumed, audit events, and resource utilization over time.

Changelog

v0.5.43Mar 2026

CLI update checks and startup polish

  • Added CLI update checks so LabGate can surface newer releases directly in the terminal.
  • Hardened Claude startup stage handling with stronger atomic writes and regression coverage for non-UI startup paths.
  • Improved install and site messaging with clearer postinstall guidance plus refreshed privacy and analytics pages.
v0.5.42Mar 2026

Claude workflow and HPC startup hardening

  • Prefer host-proxy SLURM passthrough for Apptainer sessions, with reusable staging manifests and startup locks to keep host CLI access robust on clusters.
  • Tighten web-terminal startup detection by combining live bridge output with tmux capture, reporting elapsed progress, and validating cached Apptainer SIFs before reuse.
  • Simplify the web UI around files/activity-focused sidebars and lightweight display widgets, and add a feedback modal that can attach logs plus admin diagnostics.
v0.5.41Mar 2026

Improve Apptainer cache and terminal startup

  • Add configurable, reusable SIF cache directory support for Apptainer image pulls.
  • Improve web terminal startup checks and plugin readiness for Claude workflows.
v0.5.40Feb 2026

Shared Apptainer image pull locking

  • Added cross-process .pull.lock coordination so concurrent sessions reuse one Apptainer pull instead of duplicate SIF downloads.
  • Added LABGATE_IMAGES_DIR override support for shared SIF caches, with safer init handling for shared directories.
  • Improved startup visibility with explicit waiting messages, stale-lock recovery, and documented lock tuning env vars.
v0.5.39Feb 2026

NPM publish + metadata sync

  • Published labgate@0.5.39 to npm from the new mainline branch state.
  • Refreshed landing-page changelog metadata for the v0.5.39 release.
  • No user-facing feature changes compared with v0.5.38.
v0.5.38Feb 2026

Automation + File Browser UX

  • Added Automation controls with terminal-status awareness and direct terminal input helpers.
  • Upgraded the Files panel with row action menus, right-click actions, copy path/link utilities, and keyboard navigation.
  • Added file metadata hints in the browser (recent-change + Git status badges) and richer browse API metadata for UI rendering.
v0.5.37Feb 2026

Web-terminal Claude startup detection fix

  • Skip the local-UI missing warning when Claude is launched from a linked LabGate web terminal session (Open OnDemand path).
  • Added integration coverage to prevent regressions in linked web-terminal startup behavior.
v0.5.36Feb 2026

Open OnDemand Proxy Path Fixes

  • Resolve dashboard API, SSE, and WebSocket endpoints against proxied base paths (for example Open OnDemand /rnode sessions).
  • Add trailing-slash canonicalization plus regression tests to keep bundled assets and API calls working behind session-specific proxy URLs.
v0.5.35Feb 2026

Headless controls and UI quick-link token

  • Added labgate ui --token to set a custom 12-character /s/<token> quick link, with validation and --socket conflict checks.
  • Added headless.claude_run_with_allowed_permissions to control whether Claude headless runs pass --dangerously-skip-permissions.
  • Added UI version/update endpoints with update-status locking for safer self-update behavior.
v0.5.31Feb 2026

Workspace explorer groundwork

  • Added a VS Code-style workspace file explorer implementation path in the web UI
  • Explorer API now supports typed file and directory entries for future tree-view UX
  • Feature is intentionally kept disabled by default while design and behavior are finalized
v0.5.13Feb 2026

Faster startup feedback

  • First-run progress indicator while the sandbox pulls images and installs agent tooling
v0.5.12Feb 2026

HPC quality-of-life

  • Default sandbox image upgraded to include Python 3
  • SLURM CLI passthrough so sbatch/squeue work inside sandboxes
  • New labgate config reset for adopting defaults safely
v0.5.4Feb 2026

SLURM integration & policy engine

  • SLURM MCP server for cluster job management
  • YAML-based policy engine for fine-grained agent control
  • License key generation and validation
  • Expanded CLI commands and configuration
v0.5.3Feb 2026

Web UI settings dashboard

  • Real-time browser dashboard for session management
  • SLURM job tracking with MCP server
  • Dataset registry with read-only/read-write modes
  • Institution policy support
v0.4.0Feb 2026

SSH OAuth & API key forwarding

  • OAuth login URL auto-copied to local clipboard over SSH via OSC 52
  • Auto-forward ANTHROPIC_API_KEY from host environment
  • New --api-key flag to skip browser login entirely
v0.3.0Feb 2026

Apptainer-only runtime focus

  • Runtime support narrowed to Apptainer for a simpler HPC path
  • Legacy runtime configs are mapped to runtime: "apptainer"
  • Platform-aware install guidance in CLI error output

Ready to sandbox your AI agents?

Install LabGate in seconds. No sign-up, no configuration required to get started.

npm i -g labgate