BoxLite
Isolation workspace : no
Isolation runtime : MicroVM
BoxLite lets you spin up lightweight VMs ("Boxes") and run OCI containers inside them. It's designed for use cases like AI agent sandboxes and multi-tenant code execution, where Docker alone isn't enough and full VM infrastructure is too heavy.
Rivet
Isolation workspace : git worktree
Isolation execution : no
State survives crashes, restarts, and process termination
Broadcast events to all connected clients as they happen
Retrieve full session history for debugging or analysis
Run thousands of concurrent agent sessions across your infrastructure
Koyeb
Isolation workspace : no
Isolation runtime : MicroVM
Koyeb provides high-performance, serverless microVMs on bare-metal for AI agents and untrusted code. Features include 250ms cold starts, auto-scaling, and total isolation. Perfect for secure workflows, prototyping, and testing globally without managing local infrastructure.
koyeb.com/blog/koyeb-sandboxes-fast-scalable-fully-isolated-environments-for-ai-agents
AgentFS
AgentFS provides isolated filesystem access backed by a SQLite file so agents can safely run the CLI tools they were trained on.
TUI agentic coding harness
Opencode ᖊ
curl -fsSL https://opencode.ai/install | bash
᛭ opus, gpt, gemini, grok, (kimi, qwen, deepseek, glm, devstral)
Claude code ᖊ
curl -fsSL https://claude.ai/install.sh | bash
᛭ opus
Amp ᖊ
curl -fsSL https://ampcode.com/install.sh | bash
᛭ opus, gpt, gemini, grok, (kimi, qwen, deepseek, glm, devstral)
Mistral Vibe
curl -fsSL https://mistral.ai/vibe/install.sh | bash
᛭ devstral
Pi
npm install -g @mariozechner/pi-coding-agent
᛭ opus, gpt, gemini, grok, (kimi, qwen, deepseek, glm, devstral)
Crush
npm install -g @charmland/crush
᛭ opus, gpt, gemini, grok, (kimi, qwen, deepseek, glm, devstral)
Codex
npm install -g @openai/codex
᛭ opus, gpt, gemini, grok, (kimi, qwen, deepseek, glm, devstral)
Copilot
npm install -g @github/copilot
᛭ gpt, opus, grok
* ᖊ = cool
Building a TUI to index and search my coding agent sessions
stanislas.blog/2026/01/tui-index-search-coding-agent-sessions/
Netclode
Type : ADE ⫝
Environment : Cloud
Isolation workspace : git worktree
Isolation runtime : MicroVM kata
⫝ agentic dev environment
Netclode lets you safely self-host coding agents like Claude Code, accessible via iOS. It wraps sessions in Kata microVMs (k3s/Cloud Hypervisor) for total isolation. Agents execute securely, and VMs are instantly destroyed after use, leaving no trace on your system.
https://github.com/angristan/netclode
https://stanislas.blog/2026/02/netclode-self-hosted-cloud-coding-agent
A field guide to sandboxes for AI
arts 🦇
Playground Engine, a Firecracker-powered microVM orchestrator
Boot Linux microVMs in <1s - for sandboxes and services.
Firecracker
slicervm.com
Kata Containers
exe.dev
Popularization of the infinitesimally small with the help of Blender software. State of the art!
2022-2024 : chat
2024-2025 : agentic coding
2026-2027 : agentic system
2028-xxxx : world physics
In The Lord of the Rings, the palantír allows its user to see everything, but at a great cost: loss of control and manipulation. Palantir Technologies echoes this idea in the real world.
By aggregating massive amounts of data, Palantir provides governments and intelligence agencies with extraordinary surveillance and analytical power. While effective for security and intelligence, this concentration of data poses serious risks to privacy, transparency, and individual freedom.
As Tolkien warned, great vision without limits can be dangerous especially when few control what is seen.
December 2025
DNS over HTTPS (DoH) server
394k hits
Sprites (fly.io)
Sprites provide stateful Linux environments with hardware isolation via Firecracker VMs. They support checkpoint & restore, ideal for AI agents or untrusted binaries. Each Sprite runs on an isolated network to prevent unauthorized access, offering a simple and secure home for arbitrary code execution.
Game interface for controlling agents
