earendil-works

Experimental Linux microvm setup with a TypeScript Control Plane as Agent Sandbox

682
45
100% credibility
Found Feb 05, 2026 at 87 stars
TypeScript
AI Summary

Gondolin creates fast, local virtual Linux machines to safely execute untrusted code like AI-generated scripts, with full control over network access and files.

How It Works

1. 🔍 Discover safe code running: You want to safely test AI-generated code without risking your computer or secrets.
2. 📦 Get started easily: Run a simple command to download and launch your own secure mini-computer.
3. 🚀 Your sandbox is ready: Watch it boot up super fast – under a second – with your rules already in place.
4. 🔒 Set your safety rules: Tell it which websites to allow and what files it can touch, keeping secrets safe.
5. Run any code: Execute scripts or programs inside, seeing results instantly without worry.

Everything stays secure: Your code runs safely, secrets protected, and you control exactly what happens.


Star Growth

This repo grew from 87 to 682 stars.

AI-Generated Review

What is gondolin?

Gondolin launches lightweight Linux micro-VMs via QEMU on Mac or Linux, booting in under a second with a TypeScript control plane for full network and filesystem oversight. It sandboxes AI agent code, injecting secrets at the HTTP layer (placeholders swap transparently) while allowlisting hosts and hooking requests. CLI kicks off with `npx @earendil-works/gondolin bash`; SDK lets you script VMs with custom VFS mounts and env vars.

Why is it gaining traction?

328 stars reflect buzz around its hermetic Linux sandbox for experimental agent workflows: programmable networking blocks exfiltration, VFS proxies files remotely or in-memory, and it sidesteps Firecracker's Mac issues for cross-platform parity. Quick spins match LLM cadences: exec code, tear down, repeat. Like an experimental Linux distro with JS hooks, it tames untrusted code without cloud deps.

Who should use this?

AI engineers building agentic tools need this for running LLM-generated code safely: control egress to APIs like GitHub, hide keys from prompt injections. Devs prototyping experimental_use_hermetic_linux_sandbox setups or Linux experimental kernel tests will dig the local, subsecond VMs over Docker's leakier isolation.

Verdict

Grab it for local agent sandboxes if you're on ARM64; 328 stars and solid docs show promise, but 1.0% credibility flags early-stage risks—expect tweaks for prod. Test your workflows thoroughly.
