AI sandbox that runs on your homelab

Pixels provisions Incus containers onto your TrueNAS server using their websocket API. I took inspiration from https://sprites.dev/. I have been doing a bit of vibe coding recently, but I didn't want to pay for a sandbox product. It's supposed to be simple to startup a container and get into a console. The most popular agent CLI's that I could think of are already installed if you provision with `devtools = true`.

I used Claude Code extensively but this is NOT vibe coded! I review every line of code. I might have missed some corkers when developing this at midnight.

It is using a bit of trickery to support checkpoints of the Incus containers. The main reason for this was so that you can spin up a base container, install everything you want, and then create a new container from that.

I did try to make the sandbox secure. I think I can do a better job there. Opus is actually pretty good at escaping a sandbox if you ask it to. Read the details in SECURITY.md.

In future I would like to provision the base container as part of the setup, to help speed up subsequent creates.

I'm not totally sold on the name. It was just the first thing I thought of. I don't know if this is even something others would want to use, but it scratches an itch for me.

---

A bit of backstory:

Over the last couple of months I have been working on a Terraform provider for TrueNAS SCALE [0] and it occurred to me that all this work could be extracted into a client library [1]. I wanted to play around with vaxis [2], so I created a basic TUI that you can use to monitor your TrueNAS server [3].

[0]: https://github.com/deevus/terraform-provider-truenas

[1]: https://github.com/deevus/truenas-go

[2]: https://github.com/rockorager/vaxis

[3]: https://github.com/deevus/truenas-tui