Give your AI coding agents their own machines — not your credentials

isx onboards agents the way you'd onboard a new teammate: a real Linux workstation of their own, credentials that never enter the environment, and disposable copy-on-write branches. Just as good for triaging untrusted patches and reproducing bug reports — without risking your host.

brew install Sanne/tap/incus-spawn
sudo dnf copr enable sanne/incus-spawn
sudo rpm --import https://download.copr.fedorainfracloud.org/results/sanne/incus-spawn/pubkey.gpg
sudo dnf install incus-spawn
curl -fsSL https://isx.run | sh
jbang app install isx@Sanne/incus-spawn

Credentials never enter containers

A host-side MITM TLS proxy intercepts HTTPS and injects credentials transparently — claude, pi, gh, git, curl, and any other tool work unmodified, with no configuration or wrappers needed inside the environment. Branches run with full internet, proxy-only egress, or completely airgapped.

The proxy also caches container image layers and build artifacts on the host — the same dependency is never downloaded twice.
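The host-side decision described above, modelled as an added example (not isx's own code): the sandbox sends requests without any token, and the proxy attaches the credential only for the exact host it belongs to, subject to the branch's egress mode. The vault contents, header names and mode strings are constructed for illustration.

```python
# Added example, not isx code: the proxy-side step that keeps credentials
# on the host. The container never holds a token; the proxy adds one only
# for the host the token was issued for, and only if egress is permitted.
from dataclasses import dataclass, field

# The three egress modes named on the page.
FULL, PROXY_ONLY, AIRGAPPED = "full", "proxy-only", "airgapped"

@dataclass
class HostVault:
    """Credentials live here on the host, keyed by the API host they belong to."""
    tokens: dict = field(default_factory=dict)   # host -> bearer token (constructed)

    def token_for(self, host: str):
        # Exact host match only: a token for api.github.com must never be
        # attached to api.github.com.evil.example or any other lookalike.
        return self.tokens.get(host.lower())

def forward_request(mode, vault, host, headers, via_proxy=True):
    """Decide one request leaving the sandbox.

    Returns (allowed, outbound_headers): `headers` is what the container sent,
    `outbound_headers` is what the upstream server will actually receive.
    """
    if mode == AIRGAPPED:
        return False, {}                     # nothing leaves an airgapped branch
    if mode == PROXY_ONLY and not via_proxy:
        return False, {}                     # direct egress is blocked; proxy only
    out = dict(headers)
    token = vault.token_for(host)
    if token is not None:
        out["Authorization"] = f"Bearer {token}"   # injected host-side, never in the env
    return True, out

if __name__ == "__main__":
    vault = HostVault({"api.github.com": "ghp_constructed_token"})   # constructed
    print(forward_request(FULL, vault, "api.github.com", {"Accept": "*/*"}))
    print(forward_request(FULL, vault, "api.github.com.evil.example", {}))
    print(forward_request(AIRGAPPED, vault, "api.github.com", {}))
```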

Real machines, not process jails

Docker and Podman are built for shipping applications — minimal filesystems, single-process isolation, fast startup. isx solves a different problem: full system containers powered by Incus that behave like real machines. Each environment runs its own init system, has real networking (ping, strace, nested Podman/Docker), and supports GUI and audio passthrough. Templates pre-install your baseline tools and repos, but the environment is a real Linux system — agents and users can freely dnf install, pip install, build from source, or run Docker Compose just like on a workstation. For untrusted code, KVM virtual machines provide hardware-level isolation with a separate kernel.

Instant branching

Like git branch, each clone is a copy-on-write snapshot that shares storage with its parent. Build a template once with your preferred tools and repos, then spin up complete, disposable environments in seconds — each with its own filesystem, networking, and process tree.

tpl-java  (stopped template, ~2GB)
  ├── fix-nasty-bug    (running, uses ~50MB extra)
  ├── review-pr-423    (running, uses ~30MB extra)
  └── experiment       (stopped, uses ~10MB extra)

Built for developer workflows

Templates are YAML: packages, tools, repos. Branch and it's all there. Git remotes are managed automatically — git fetch fix-auth from your host pulls commits straight out of the container. JetBrains Gateway, shell completions, and Claude Code skills plug in via the same tool system.

# Inside the container, you make some commits...
# Back on the host:
git fetch fix-auth
git cherry-pick fix-auth/main
[Screenshot: incus-spawn interactive TUI showing templates and instances]