code-on-incus - per-agent isolated VMs with active defense
Gives each AI agent its own Incus machine with root, Docker, and systemd. Built-in detector stops threats automatically when an agent goes off-script.
This entry doesn't have a long-form writeup yet. Follow the source link above for the full context.
Featured in
Claude Code tools, plugins, and integrations
The best tools, MCP servers, and harnesses for getting more out of Claude Code - orchestration, observability, telemetry, and remote control.
Security tools for AI coding agents
Sandboxes, scanners, proxies, and governance toolkits that keep autonomous agents from doing damage.
Self-hosted developer tools and PaaS
Open-source, self-hosted alternatives to Heroku, Render, GitHub Actions, and the rest of the SaaS dev stack.
Related entries
sandstorm - run Claude agents in cloud sandboxes
FastAPI service for running Claude Code agents in secure E2B cloud sandboxes via API, CLI, or Slack. Single call, full agent, no infrastructure.
sandboxed.sh - self-hosted agent sandbox orchestrator
Self-hosted Rust orchestrator that runs Claude Code and OpenCode inside isolated Linux workspaces, with skills, configs, and encrypted secrets stored in a git repo.
Egregore - shared memory for multiplayer Claude Code
Local MIT substrate that gives a team of Claude Code sessions a shared memory and coordination layer, spun up via npx create-egregore.
skill-doctor - inspector for coding-agent skills
Local tool that audits installed agent skills for conflicts, precedence issues, and risk. Helps surface why a particular skill is (or isn't) firing.