Anatomy of a Linux Desktop
An agent operating in a sandbox runs in full YOLO mode, 100% autonomous, without asking the engineer for guidance. That’s why a sandbox environment is so crucial for agents.
Devboxes, hot and ready
Minions: Stripe’s one-shot, end-to-end coding agents
Kernel ‒ WM ‒ Shell
---------------------
nixos
Ϟ Linux ‒ Niri ‒ nushell
macos
Ϛ XNU ‒ Quartz Compositor ‒ zsh
windows
Ͻ Windows NT ‒ Desktop Window Manager ‒ powershell
Claude Code Take the Wheel, I prompt, you code, that's the Deal. ♪
Containerized hacking environments for professionals, students, CTF players, bug hunters, researchers, ... and for you
stereOS is a Linux OS purpose-built for AI agents, offering better scaling and security than Docker or VMs. It uses NixOS and gVisor to run agents in isolated sandboxes with virtual kernels.
This architecture protects the host hardware from breaches and allows agents to safely spawn sub-agents in a read-only environment.
Waifu stack
dev cli/tui only - no 3d creating
As the days go by, let's live happily in the terminal.
❃ cpu : ryzen
❃ os : nixos
❃ wm : niri
❃ taskbar : quickshell
❃ term : ghostty
❃ shell : nushell
❃ font : JetBrainsMono Nerd
nix docs is kinda hard ; arch wiki rocks
Wayland Niri X Quickshell = Custom taskbar for *nix
Type : TUI
Environment : Local
Isolation workspace : No
Isolation runtime : Apple Virtualization.framework
Local-First Sandboxes for AI Agents on macOS.
Lightweight Linux VMs powered by Apple Virtualization.framework.
Ephemeral by default. No Docker required.
No emulation layer
Near-native speed on ARM64.
Type : TUI
Environment : Local
Isolation workspace : Git worktree
Isolation runtime : No
Run Claude, Codex, and Gemini CLIs side-by-side with built-in Git integration. Easily switch agents and manage up to 10 concurrent sessions via tabs.
Features include real-time streaming, token tracking, and full session persistence to resume work with context intact.
Type : CLI
Environment : Cloud
Isolation workspace : No
Isolation runtime : Firecracker
Launch secure E2B Sandboxes in just 80ms. Built specifically for AI agents, they provide a full suite of tools for any workflow.
Powered by Firecracker microVMs, each sandbox ensures robust isolation for safely running untrusted code.
Esprit AI deploys autonomous hacker agents that scan your code, find vulnerabilities, validate exploits, and generate fixes — 10x faster than manual pentesting.
Native macOS app built on Ghostty. Vertical tabs, notification rings when agents need attention, split panes, and a socket API for automation.
cmux.dev