Git-native parallel coding agents.
ax is a git extension that runs coding agents in isolated microVMs.
Bring your own API key or subscription.
fix-auth-test claude running 3m22s refactor-db-pool codex done ✓ 4 files changed add-metrics claude running 0m47s
❯ fix the flaky test in auth_test.go. ultrathink ● I'll look at the test and the middleware it's testing. ● Read 2 files (ctrl+o to expand) ● Let me run this specific test to see the failure details. ● Bash(go test -run "TestAuthMiddleware_ExpiredToken" > /tmp/test-out.txt) ⌊ EXIT: 0 · Debugging…
Clean git workflow
Every agent gets its own branch.
When an agent finishes, its work is sitting on a clean git branch.
Inspect the agent, diff the branch, or merge it with standard git.
name refactor-db-pool backend codex status done branch ax/refactor-db-pool files 4 changed, 87 insertions(+), 23 deletions(-) time 6m41s
commit e91d4a83b7f2c60a1d5e849f3c27b8a4d6f01e53 (ax/refactor-db-pool) Author: Artificially Intelligent <[email protected]> Date: Thu Mar 12 09:14:37 2026 refactor: replace per-request DB connections with shared pool
Hardware isolation
No approval prompts needed.
Every agent runs in its own microVM with a dedicated kernel.
Zero risk to your infrastructure.
No "allow edit?", no "allow bash?". The agent just works.
Beyond the terminal
Scales from you to your team
ax isn't just a developer tool.
It's a platform for managing how your team uses coding agents.
Cost accounting per agent
Every API call is metered and attributed. See exactly what each task costs.
fix-auth-test opus-4.6 $1.41 refactor-db-pool gpt-5.3-codex $0.36 add-metrics opus-4.6 $0.93 ───── total $2.70
Secrets injection
Agents can use your credentials but never see the actual values.
Plugs into your .env file, HashiCorp Vault, or any secrets backend.
Full audit logging of all network requests.
ANTHROPIC_API_KEY sk-ant-···7f2a last used 2m ago OPENAI_API_KEY sk-····e9d1 last used 4m ago GITHUB_TOKEN ghp_····4a8c last used 1h ago
Automated workflows
Point ax at your issue tracker. It picks up work, runs agents, and generates branches for review.
watching for new tickets... fix N+1 query in orders endpoint running fix-order-endpoint-query add rate limiting to public API running add-rate-limiting migrate user table to new schema running migrate-user-table
Team insights
See who's running what and what it costs. Guide your team to effectively use AI.
alice $2.70 ├── fix-order-endpoint-query $1.41 ├── add-rate-limiting $0.93 └── migrate-user-table $0.36 bob $0.24 └── update-api-docs $0.24 ───── total $2.94
Account pooling
Add multiple accounts and API keys.ax multiplexes across them so you never hit usage limits mid-flow.
default claude [email protected] bob claude [email protected] openai codex sk-···e9d1
Agent coordination
Every agent has an MCP server that lets it see what other agents are working on.
● I'll add rate limiting to the public API. ● ListAgents() ⌊ back-142 modifying api/handlers/orders.go back-144 modifying db/migrations/004_users.sql ● Agent back-142 is editing the orders handler. I'll add rate limiting at the middleware layer instead to avoid conflicts with its work. ● Write(api/middleware/ratelimit.go)
Technical Architecture
MicroVM Isolation
Each agent runs in its own microVM powered by a custom VMM. Not a container, not a namespace. A dedicated kernel, memory, and process tree. Agents can't see each other's filesystems, network traffic, or credentials. Startup takes milliseconds.
Filesystem Sharing via virtiofs
The repository is mounted into the VM using virtiofs, a shared filesystem over virtio. No copying, no syncing. Writes go to a copy-on-write layer so the host working tree is never modified directly.
Git-Native Branching
Every agent operates on a real git branch. When the agent finishes, its commits are on a branch you can inspect, diff, rebase, or merge with standard git tooling. No proprietary format, no export step.
MCP Coordination
Each agent has an MCP server injected into its environment. Through it, agents can list other running agents, see which files they're modifying, and coordinate to avoid conflicts.
Optional Web Dashboard
The terminal is the primary interface, but the daemon also serves a local web dashboard. Use it when you want to see every running agent, account, terminal, and display session from one place.
Credential Proxy
Secrets are injected by synthesizing a .env file at the repo root containing opaque, encrypted values. At the VM network boundary, the real credential is substituted. The agent never sees the actual secrets. All requests are logged with full audit trail.
Cost Metering
API calls to LLM providers are intercepted at the network layer. Token counts, model identifiers, and pricing are extracted from each request/response pair and attributed to the agent's task. Costs are tracked in real time and queryable per agent, per user, or per team.
Parallel coding agents from your terminal
Isolated microVMs. Git-native workflow. Credential controls. Full audit trail.