coi

The tool provides an Incus‑based container runtime that gives each AI coding agent its own isolated system container with full root access, systemd, Docker and package managers. Inside the container the agent can run services, schedule jobs and install software exactly as on a real server, while the host’s filesystem, credentials and environment variables remain untouched unless explicitly mounted. The runtime monitors container activity for suspicious behavior such as reverse shells or credential scanning and can automatically pause or terminate the container without manual intervention.

It is aimed at developers who run multiple AI coding agents and need strong isolation, persistent environments across reboots, and visibility into the agents’ actions. The system supports several AI coding tools out of the box, with a configurable permission mode that can require user confirmation before each action.

Distinctive aspects include the use of Incus instead of Docker for deeper system‑level isolation, built‑in security monitoring that actively defends the host, and features like snapshot management, resource limits and network isolation that together create a stable, CLI‑available runtime for AI‑driven development workflows.