(github.com)

120 points gbxk | 1 comments | 21 Oct 25 15:22 UTC | HN request time: 0s | source

I've built this to make it easy to host your own infra for lightweight VMs at large scale.

Intended for exec of AI-generated code, for CICD runners, or for off-chain AI DApps. Mainly to avoid Docker-in-Docker dangers and mess.

Super easy to use with CLI / Python SDK, friendly to AI engs who usually don't like to mess with VM orchestration and networking too much.

Defense-in-depth philosophy.

Would love to get feedback (and contributors: clear & exciting roadmap!), thx

Show context

mentalgear ◴[21 Oct 25 16:22 UTC] No.45657697[source]▶

>>45656952 (OP) #

I would really like to see a good local sandboxing solution in this space, something that is truly local-first. This is especially important since many coding models / agentic builders will eventually become lightweight enough to run them on-device instead of having to buy tokens and share user data with big LLM cloud providers.

replies(7): >>45658204 #>>45658498 #>>45659517 #>>45661176 #>>45662480 #>>45662484 #>>45666374 #

sshine ◴[21 Oct 25 22:23 UTC] No.45662484[source]▶

>>45657697 #

https://rstrict.cloud/ is a CLI built in Rust on top of the Landlock API for the Linux kernel.

It lets you narrow the permission scope of an executable using simple command line wrappers.

replies(1): >>45666618 #

1. gbxk ◴[22 Oct 25 09:20 UTC] No.45666618[source]▶

>>45662484 #

Thanks, will study that one too!

↑

Show HN: Katakate – Dozens of VMs per node for safe code exec