Let researchers use AI agents without putting your infrastructure at risk. Policy-controlled sandboxes with scoped filesystems, credential blocking, network policies, and full audit trails.
npm i -g labgateBuilt for HPC clusters and institutional environments.
Wrap claude with labgate claude to add container isolation, file policies, and audit logging — without changing your workflow.
The web dashboard shows what each agent is doing right now. Click a session to see files accessed and activity history.
See exactly which files agents read, write, or get blocked from accessing. Sensitive paths like .ssh, .aws, and .env are automatically blocked.
LabGate connects to SLURM via an MCP server. The agent can check job status, submit new jobs, and react to completions — no manual copy-pasting of job IDs.
| Job ID | Name | Status | Time |
|---|---|---|---|
| 4829371 | blast-all-vs-all | Running | 02:34:12 |
| 4829365 | alphafold-predict | Running | 05:12:44 |
| 4829358 | rnaseq-align | Completed | 01:22:05 |
| 4829390 | variant-calling | Pending | — |
| 4829342 | qc-pipeline | Failed | 00:02:13 |
| LabGate | Raw AI Agents | IT "Just Ban It" | Generic Sandboxes | |
|---|---|---|---|---|
| Researchers can use AI agents | ✓ | ✓ | ✕ | ✓ |
| Fine-grained access control | ✓ | ✕ | N/A | Partial |
| SLURM integration | ✓ | ✕ | N/A | ✕ |
| Credential isolation | ✓ | ✕ | N/A | Partial |
| Audit trail / SIEM export | ✓ | ✕ | N/A | ✕ |
| Apptainer / Singularity native | ✓ | ✕ | N/A | ✕ |
| No root required | ✓ | ✓ | N/A | ✕ |
| Network policy per session | ✓ | ✕ | ✓ | Partial |
| Multi-agent support | ✓ | Partial | ✕ | ✕ |
LabGate is free for personal and research use. Enterprise plans add institution-wide management.
Full sandbox functionality for personal projects and research. No limits, no sign-up.
Institution-wide policies that override user settings. Enforce network, filesystem, and audit rules across every cluster.
These features are live and available now. Install or upgrade to get them.
Monitor and manage SLURM jobs from the dashboard or CLI. Automatic polling, job state tracking in SQLite, output tailing, and one-click cancellation.
Model Context Protocol server exposing SLURM tools to agents: list jobs, get status, read output, and cancel — all within the sandbox security boundary.
Mount named datasets into the sandbox with read-only or read-write access. Descriptions are automatically injected into agent context for discovery.
Real-time browser dashboard showing active sessions, security events, blocked commands, and SLURM jobs. Manage settings, datasets, and policies from one place.
Central policy files at /etc/labgate/policy.json that override user settings. Force runtimes, images, network modes, and audit requirements cluster-wide.
Automatically inject LabGate context into CLAUDE.md or AGENTS.md — path mappings, mounted datasets, SLURM guidance, and session-specific instructions.
LabGate continues to expand with new integrations and management capabilities for research teams.
Ready-made CLAUDE.md templates for common workflows. Agents start with domain context, coding conventions, and project structure built in.
Institution-managed collections of tools pre-installed in sandbox images. Define approved toolchains once, use them across every session.
Dashboards showing agent usage across your institution: sessions per user, tokens consumed, audit events, and resource utilization over time.
ANTHROPIC_API_KEY from host environment--api-key flag to skip browser login entirelyruntime: "docker" config