Show HN: YSA – Sandbox for AI agents with outbound network control (github.com)

A new project called YSA has been launched, providing a secure sandbox environment for running AI coding agents on local machines. This innovative tool includes a container runtime that isolates every agent in a rootless Podman container, ensuring security through a hardened sandbox. Additionally, YSA features a local web dashboard and CLI for task management, allowing users to run multiple agents simultaneously on distinct branches of the same codebase without any data leaving their network. The development is currently in early stages, primarily optimized for Claude Code in JavaScript/TypeScript, with future support planned for additional languages and self-hosted models. YSA’s significance lies in its emphasis on security, sovereignty, and productivity for AI/ML developers. Its unique architecture employs advanced container security mechanisms like restricted outbound traffic control and a strict syscall whitelist, minimizing risks such as privilege escalation and data exfiltration. By enabling developers to test AI agents safely and concurrently without cloud dependencies or telemetry, YSA not only fosters innovation but also addresses critical concerns around data privacy in AI development. The project is open to contributions, with plans to formalize its structure for broader accessibility in the AI community.