stereOS - hardened Linux for AI agents

Nix-based Linux distribution purpose-built for running AI agents. Hardened defaults and an immutable base aimed at sandboxing autonomous coding agents.

Saved Apr 28, 2026View source ↗

#agent-security #self-hosted #ai-agent #sandbox

This entry doesn't have a long-form writeup yet. Follow the source link above for the full context.

Featured in

Security tools for AI coding agents
Sandboxes, scanners, proxies, and governance toolkits that keep autonomous agents from doing damage.
Self-hosted developer tools and PaaS
Open-source, self-hosted alternatives to Heroku, Render, GitHub Actions, and the rest of the SaaS dev stack.

Related entries

GitHub Tool

smolvm - portable lightweight VMs in a single file

Open-source CLI for sub-second VMs on macOS (Hypervisor.framework) and Linux (KVM) via libkrun. Sandboxes untrusted code with hardware isolation and packs stateful environments into a single .smolmachine file.

#rust #sandbox #agent-security #cli #self-hosted

GitHub ToolFeatured

CubeSandbox - sub-60ms self-hosted E2B alternative

Open-source sandbox runtime for LLM-generated code built on RustVMM and KVM. Targets sub-60ms cold starts with full kernel isolation, designed as a self-hostable replacement for closed E2B-style services.

#sandbox #agent-security #rust #self-hosted #kvm

GitHub Tool

Agentjail - self-hosted Linux sandbox for AI code

Minimal Linux sandbox for running untrusted code, designed for AI agents and build systems. Self-hosted alternative to Freestyle.sh-style code execution services.

#agent-security #self-hosted #sandbox

GitHub Tool

sandboxed.sh - self-hosted agent sandbox orchestrator

Self-hosted Rust orchestrator that runs Claude Code and OpenCode inside isolated Linux workspaces, with skills, configs, and encrypted secrets stored in a git repo.

#claude-code #agent-security #rust #self-hosted #multi-agent