by mensfeld
Run coding agents in isolated Incus containers (sandboxes) with session persistence, workspace isolation, and multi-slot support.
```bash
# Add to your Claude Code skills
git clone https://github.com/mensfeld/code-on-incus
```

Code on Incus (coi): Secure and Fast Container Runtime for AI Coding Tools on Linux and macOS
Run AI coding assistants (Claude Code, opencode, Aider, and more) in isolated, production-grade Incus containers with zero permission headaches, perfect file ownership, and true multi-session support.
Limited Blast Radius: Prepare your workspace upfront, let the AI agent run in isolation, validate the outcome. No SSH keys, no environment variables, no credentials exposed. If compromised, damage is contained to your workspace. Network isolation helps prevent data exfiltration. Your host system stays protected.
Security First: Unlike Docker or bare-metal execution, your environment variables, SSH keys, and Git credentials are never exposed to AI tools. Containers run in complete isolation with no access to your host credentials unless explicitly mounted.
Proactive Defense: COI doesn't just isolate AI tools — it actively watches them. A built-in security monitoring daemon detects reverse shells, credential scanning, and large data reads in real time, automatically pausing or killing the container before damage can occur. No manual intervention needed.
Think Docker for AI coding tools, but with system containers that actually work like real machines.

Currently supported: