Code On Incus
Run coding agents in hardened Incus containers with real-time network threat detection, automatic th
Rating
Votes
0
score
Downloads
0
total
Price
Free
API key required
Works With
About
code-on-incus (coi)
](https://opensource.org/licenses/MIT) [ [](https://github.com/mensfeld/code-on-incus/releases)
Security-Hardened Container Runtime for AI Coding Agents with Real-Time Threat Detection
Run AI coding assistants (Claude Code, opencode, Aider, and more) in isolated, production-grade Incus containers with zero permission headaches, perfect file ownership, and true multi-session support.
Limited Blast Radius: Prepare your workspace upfront, let the AI agent run in isolation, validate the outcome. No SSH keys, no environment variables, no credentials exposed. If compromised, damage is contained to your workspace. Network isolation helps prevent data exfiltration. Your host system stays protected.
Security First: Unlike Docker or bare-metal execution, your environment variables, SSH keys, and Git credentials are never exposed to AI tools. Containers run in complete isolation with no access to your host credentials unless explicitly mounted.
Proactive Defense: COI doesn't just isolate AI tools — it can actively watch them. Enable the built-in security monitoring daemon ([monitoring] enabled = true) to detect reverse shells, credential scanning, and large data reads in real time, automatically pausing or killing the container before damage can occur. No manual intervention needed.
Think Docker for AI coding tools, but with system containers that actually work like real machines.
Watch the BetterStack video about Code on Incus
Table of Contents
- Supported AI Coding Tools
- Supported Tools (detailed)
- Features
- Quick Start
- Why Incus Instead of Docker or Docker Sandboxes?
- Installation
- macOS Support
- Usage
- Session Resume
- Persistent Mode
- Configuration
- Profiles
- Resource and Time Limits
- Container Lifecycle & Session Persistence
- Network Isolation
- Security Monitoring
- Security Best Practices
- Snapshot Management
- System Health Check
- Troubleshooting
- FAQ
Supported AI Coding Tools
Don't lose this
Three weeks from now, you'll want Code On Incus again. Will you remember where to find it?
Save it to your library and the next time you need Code On Incus, it’s one tap away — from any AI app you use. Group it into a bench with the rest of the team for that kind of task and you can pull the whole stack at once.
⚡ Pro tip for geeks: add a-gnt 🤵🏻♂️ as a custom connector in Claude or a custom GPT in ChatGPT — one click and your library is right there in the chat. Or, if you’re in an editor, install the a-gnt MCP server and say “use my [bench name]” in Claude Code, Cursor, VS Code, or Windsurf.
a-gnt's Take
Our honest review
Run coding agents in hardened Incus containers with real-time network threat detection, automatic th. Best for anyone looking to make their AI assistant more capable in security. It's completely free and works across most major AI apps. This one just landed in the catalog — worth trying while it's fresh.
Tips for getting started
Tap "Get" above, pick your AI app, and follow the steps. Most installs take under 30 seconds.
Heads up: this needs an API key to work. You'll get one from the service's website (usually free). The setup guide tells you exactly where.
What's New
Imported from GitHub
Ratings & Reviews
0.0
out of 5
0 ratings
No reviews yet. Be the first to share your experience.