The adjacent problem I’ve been focused on is what happens after the agent finishes in its isolated environment: how do you review what it actually changed before accepting the result?
I’m interested in diff/commit/rollback at the filesystem level, so you can selectively keep some changes and discard others.
I’m sorry I didn’t reply sooner. I’d love to hear about the diff/commit/rollback stuff you’re working on. Feel free to message me on discord or however you like (I’m pretty easy to find).
Please let me know if I can help you in any way or if you have any ideas.
It's still changing a lot in the current state; we're pushing about two new version updates a day, with some really helpful big features coming this week.
I kept running AI coding agents with full filesystem and network access,
and no way to review what they did before it hit my system. Docker isolates
but doesn't govern. So I built envpod.
Every agent runs in a pod with a copy-on-write overlay. Your host is never
touched until you explicitly commit:
$ sudo envpod init my-agent --preset claude-code
$ sudo envpod run my-agent -- claude
$ sudo envpod diff my-agent # review every change
$ sudo envpod commit my-agent # apply to host, or rollback
Also: encrypted credential vault (agent never sees raw API keys), per-pod
DNS filtering (whitelist which domains the agent can reach), action queue
(irreversible ops wait for approval), and append-only audit trail.
Single 13 MB static Rust binary. No daemon, no container runtime, no
dependencies. Warm start in 32ms. 50 pod clones in 408ms. Tested on 9
Linux distros.
41 example configs for Claude Code, Codex, Aider, SWE-agent, browser-use,
and more.
The adjacent problem I’ve been focused on is what happens after the agent finishes in its isolated environment: how do you review what it actually changed before accepting the result?
I’m interested in diff/commit/rollback at the filesystem level, so you can selectively keep some changes and discard others.
Different problem, but they compose naturally.
reply