# OpenShell

OpenShell is a safe, private runtime for autonomous [[AI Agents]] built by NVIDIA. It provides sandboxed execution environments using [[Docker]] and [[Kubernetes]] (K3s) to isolate AI agents while protecting user data, credentials, and infrastructure through declarative policy enforcement.

## How it works

Each agent runs in an isolated container governed by YAML-based policies. OpenShell follows the principle of least privilege: agents start with minimal permissions, and access is explicitly allowlisted. The system enforces four policy layers:

- **Filesystem**: prevents unauthorized file access
- **Network**: blocks unauthorized outbound connections via policy-enforced egress routing
- **Process**: prevents privilege escalation
- **Inference**: reroutes LLM API calls to controlled backends, keeping sensitive context local

Static policies (filesystem, process) lock at sandbox creation. Dynamic policies (network, inference) can be hot-reloaded on running sandboxes without a restart.

## Architecture

Everything runs within a single Docker container using K3s for orchestration:

- **Gateway**: control-plane API managing sandbox lifecycle and authentication
- **Policy Engine**: enforces constraints from the application layer down to the kernel
- **Privacy Router**: reroutes model API calls while keeping sensitive context local
- **Sandbox**: isolated runtime with container supervision

## Credential management

OpenShell uses "providers", which are named credential bundles injected as environment variables at runtime. Credentials never appear in the sandbox filesystem, preventing exfiltration.

## Supported agents

- [[Claude Code]]
- OpenCode
- GitHub Copilot CLI
- OpenClaw
- Ollama
- Community-contributed agents

## Tech stack

The core is written in [[Rust]], with [[Python]] for the CLI and tooling. The default sandbox includes Python 3.13, Node.js 22, Git, GitHub CLI, and Vim. Experimental GPU passthrough supports local inference and fine-tuning.
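The policy model described under "How it works" (default-deny allowlists per layer, static layers frozen once the sandbox exists, dynamic layers hot-reloadable) can be illustrated with a small simulator. This is an added example, not OpenShell's own code: the policy keys, the pattern syntax and the sample policy are assumptions made for the illustration, not the project's real YAML schema.

```python
"""Simulator of OpenShell-style policy layers (illustration only; the
policy structure below is an assumption, not OpenShell's actual schema)."""
import fnmatch

STATIC_LAYERS = {"filesystem", "process"}      # locked at sandbox creation
DYNAMIC_LAYERS = {"network", "inference"}      # hot-reloadable while running


class PolicyError(Exception):
    """Raised for unknown layers or attempts to change a locked layer."""


class SandboxPolicy:
    def __init__(self, policy: dict):
        # Every layer is an allowlist of glob patterns; a request is denied
        # unless some pattern matches (least privilege by default).
        self.layers = {layer: list(policy.get(layer, []))
                       for layer in STATIC_LAYERS | DYNAMIC_LAYERS}
        self.created = False

    def create(self) -> None:
        # Sandbox creation freezes the static layers for its whole lifetime.
        self.created = True

    def reload(self, layer: str, patterns: list) -> None:
        """Hot-reload a dynamic layer; static layers reject changes once created."""
        if layer not in self.layers:
            raise PolicyError(f"unknown policy layer: {layer}")
        if self.created and layer in STATIC_LAYERS:
            raise PolicyError(f"{layer} policy is static; recreate the sandbox to change it")
        self.layers[layer] = list(patterns)

    def allowed(self, layer: str, request: str) -> bool:
        """Return True only if an allowlist entry for the layer matches."""
        return any(fnmatch.fnmatch(request, pat) for pat in self.layers.get(layer, []))


# Constructed sample policy: workspace-only files, a few tools, one egress
# destination, and only model names handled by the controlled backend.
EXAMPLE_POLICY = {
    "filesystem": ["/workspace/*", "/tmp/*"],
    "process": ["python3", "git", "node"],
    "network": ["api.github.com:443"],
    "inference": ["nemotron-*"],
}

if __name__ == "__main__":
    p = SandboxPolicy(EXAMPLE_POLICY)
    p.create()
    print("read ~/.ssh key allowed?", p.allowed("filesystem", "/home/user/.ssh/id_rsa"))
    p.reload("network", ["api.github.com:443", "pypi.org:443"])  # dynamic: fine
    print("pypi egress allowed after reload?", p.allowed("network", "pypi.org:443"))
```

Requests that match no allowlist entry are denied, and a `reload` of the filesystem or process layer after `create()` raises `PolicyError`, mirroring the static/dynamic split above.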
## Development philosophy

The project is "built agent-first": the codebase includes agent skills for debugging, policy generation, security review, and triage. Development follows a human-gated workflow where agents propose plans, humans approve, and agents implement.

## Status

Alpha (single-player mode). Licensed under Apache 2.0.

## References

- https://github.com/NVIDIA/OpenShell
- https://docs.nvidia.com/openshell/latest/

## Related

- [[AI Agents]]
- [[AI Agent Permissions]]
- [[AI Agent Harness]]
- [[AI Safety]]
- [[Containerization]]
- [[Docker]]
- [[Kubernetes]]
- [[Rust]]
- [[Claude Code]]
- [[NVIDIA Agent Toolkit]]
- [[NemoClaw]]
- [[NVIDIA Nemotron]]