code-on-incus
by mensfeld
Run coding agents in hardened Incus containers with real-time network threat detection, automatic threat response (pause/kill), credential isolation, protected paths, session persistence, and multi-slot support.
380stars
24forks
Python
Added 2/8/2026
AI Agentsagentic-aiai-toolsanthropicclaudeclaude-code
Installation
# Add to your Claude Code skills
git clone https://github.com/mensfeld/code-on-incuscode-on-incus (coi)
Security-Hardened Container Runtime for AI Coding Agents with Real-Time Threat Detection
Run AI coding assistants (Claude Code, opencode, Aider, and more) in isolated, production-grade Incus containers with zero permission headaches, perfect file ownership, and true multi-session support.
Limited Blast Radius: Prepare your workspace upfront, let the AI agent run in isolation, validate the outcome. No SSH keys, no environment variables, no credentials exposed. If compromised, damage is contained to your workspace. Network isolation helps prevent data exfiltration. Your host system stays protected.
Security First: Unlike Docker or bare-metal execution, your environment variables, SSH keys, and Git credentials are never exposed to AI tools. Containers run in complete isolation with no access to your host credentials unless explicitly mounted.
Proactive Defense: COI doesn't just isolate AI tools — it can actively watch them. Enable the built-in security monitoring daemon ([monitoring] enabled = true) to detect reverse shells, credential scanning, and large data reads in real time, automatically pausing or killing the container before damage can occur. No manual intervention needed.
Think Docker for AI coding tools, but with system containers that actually work like real machines.
Comments (0)
to leave a comment.
No comments yet. Be the first to share your thoughts!