Pixels: Disposable Linux Containers for AI Coding Agents
#DevOps

Tech Essays Reporter
4 min read

Pixels is a CLI tool that spins up sandboxed Linux containers pre-loaded with AI coding tools, offering SSH access, ZFS snapshot-based checkpoints, and network egress policies for secure AI agent operations.

The rise of AI coding agents has created a new challenge: how to provide these autonomous software developers with safe, isolated environments that can be quickly provisioned and discarded. Enter Pixels, a CLI tool that spins up disposable Linux containers specifically designed for AI coding agents, powered by TrueNAS and Incus.

The Container Lifecycle Problem

Traditional development environments present several issues when used with AI agents. They're often resource-intensive, difficult to reset to a clean state, and pose security risks when granting autonomous agents access to your local machine. Pixels addresses these challenges by treating containers as ephemeral resources that can be created, used, and destroyed with minimal overhead.

The tool manages the entire container lifecycle through a straightforward command-line interface. You can create new containers with specific resource allocations, start and stop them as needed, and permanently destroy them when they're no longer required. Internally, container names carry a px- prefix, but you refer to them by their simple names.

Sandboxed Environments with Built-in Tools

What sets Pixels apart is its focus on AI coding workflows. When you create a new container, it comes pre-loaded with a curated set of development tools. The provisioning process automatically installs SSH keys, configures DNS via systemd-resolved, and sets up environment variables. More importantly, it installs development tools like mise (a polyglot version manager), Node.js LTS, and popular AI coding assistants including Claude Code, Codex, and OpenCode.

This provisioning happens asynchronously through a background systemd service, meaning you can start working immediately while the tools install in the background. For situations where you need everything ready before starting, the --console flag waits for provisioning to complete before dropping you into an interactive shell.

Checkpoint-Based State Management

One of Pixels' most powerful features is its use of ZFS snapshots for state management. Each container's root filesystem can be checkpointed at any time, creating a point-in-time snapshot that can be restored later. This is particularly useful for AI agents that might need to experiment with different approaches or revert to a known good state after encountering issues.

Creating checkpoints is straightforward: pixels checkpoint create mybox --label ready creates a snapshot with a custom label. You can list all checkpoints for a container, restore to any checkpoint (which stops the container, rolls back the filesystem, and restarts it), or delete checkpoints you no longer need. The ability to clone new containers from checkpoints means you can quickly spin up identical environments for parallel tasks or testing scenarios.

Network Egress Control for Security

The security model in Pixels is particularly noteworthy. AI coding agents often need internet access to fetch dependencies, access AI APIs, or clone repositories from GitHub. However, unrestricted network access poses significant security risks. Pixels addresses this with three network egress modes:

  • Unrestricted: No filtering (default)
  • Agent: A preset allowlist that includes AI APIs, package registries, Git/GitHub, Ubuntu repos, and more
  • Allowlist: Custom domain list only

The agent preset is comprehensive, covering domains for Anthropic, OpenAI, Google AI, npm, PyPI, crates.io, Go proxy, GitHub (including release CDN), mise, Node.js, and Ubuntu package repositories. CIDR ranges are included for Google and GitHub/Azure CDN IPs.

Egress is enforced via nftables rules inside the container, combined with restricted sudo access so the agent cannot simply edit the rules. The security model acknowledges that a root process holding cap_net_admin could potentially bypass these rules; within that limit, the tool provides a reasonable balance between security and functionality for most use cases.
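To make the three modes concrete, here is an added policy model (illustrative code written for this article, not Pixels' own implementation). The vendor hostnames, the CDN CIDR, the DNS answers and the subdomain-matching rule are all my assumptions; the article names the vendors but not the exact entries. It decides whether a hostname or destination address passes the policy and renders the equivalent default-drop nftables output chain.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Hostnames are my guesses for the vendors the preset covers; the article
# names the vendors, not the exact domains.
AGENT_PRESET_DOMAINS = frozenset({
    "api.anthropic.com", "api.openai.com", "registry.npmjs.org", "pypi.org",
    "files.pythonhosted.org", "crates.io", "proxy.golang.org",
    "github.com", "objects.githubusercontent.com", "archive.ubuntu.com",
})
# Placeholder CDN range (RFC 5737 TEST-NET-1) standing in for the preset's real CIDRs.
AGENT_PRESET_CIDRS = ("192.0.2.0/24",)

# Constructed DNS answers (documentation addresses) so the example runs offline.
FAKE_DNS = {
    "api.anthropic.com": "203.0.113.10",
    "registry.npmjs.org": "203.0.113.20",
    "github.com": "203.0.113.30",
    "evil.example": "198.51.100.5",
}

Resolver = Callable[[str], Optional[str]]


@dataclass(frozen=True)
class EgressPolicy:
    mode: str                       # "unrestricted" | "agent" | "allowlist"
    domains: frozenset = frozenset()
    cidrs: tuple = ()

    @classmethod
    def unrestricted(cls) -> "EgressPolicy":
        return cls("unrestricted")

    @classmethod
    def agent(cls) -> "EgressPolicy":
        nets = tuple(ipaddress.ip_network(c) for c in AGENT_PRESET_CIDRS)
        return cls("agent", AGENT_PRESET_DOMAINS, nets)

    @classmethod
    def allowlist(cls, domains: Iterable[str], cidrs: Iterable[str] = ()) -> "EgressPolicy":
        nets = tuple(ipaddress.ip_network(c) for c in cidrs)
        return cls("allowlist", frozenset(d.lower() for d in domains), nets)

    def allows_host(self, host: str) -> bool:
        """Allow an exact match or a subdomain of an allowed name
        (subdomain matching is my assumption, not documented behaviour)."""
        if self.mode == "unrestricted":
            return True
        host = host.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in self.domains)

    def resolved_allowed_ips(self, resolver: Resolver) -> set:
        """Addresses the allowed names currently resolve to; unresolvable names are skipped."""
        answers = (resolver(d) for d in sorted(self.domains))
        return {ip for ip in answers if ip}

    def allows_ip(self, ip: str, resolver: Resolver = FAKE_DNS.get) -> bool:
        """A destination passes if it lies in an allowed CIDR or is an allowed name's address."""
        if self.mode == "unrestricted":
            return True
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.cidrs):
            return True
        return str(addr) in self.resolved_allowed_ips(resolver)

    def to_nftables(self, resolver: Resolver = FAKE_DNS.get) -> str:
        """Render a default-drop output chain whose only way out is the allowed set."""
        if self.mode == "unrestricted":
            return ("table inet px_egress {\n  chain output {\n"
                    "    type filter hook output priority 0; policy accept;\n  }\n}\n")
        elements = sorted(self.resolved_allowed_ips(resolver)) + [str(n) for n in self.cidrs]
        lines = ["table inet px_egress {", "  set allowed4 {",
                 "    type ipv4_addr", "    flags interval"]
        if elements:                      # nft rejects an empty elements clause
            lines.append(f"    elements = {{ {', '.join(elements)} }}")
        lines += [
            "  }",
            "  chain output {",
            "    type filter hook output priority 0; policy drop;",
            '    oif "lo" accept',
            "    ct state established,related accept",
            "    udp dport 53 accept",    # resolver traffic must still leave the container
            "    ip daddr @allowed4 accept",
            "  }",
            "}",
        ]
        return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(EgressPolicy.agent().to_nftables())
```

Two points the rendering makes visible. First, a hostname allowlist only becomes enforceable once it is resolved to addresses, so the IP set has to be refreshed as DNS answers change, and anything the allowed names resolve to is reachable. Second, the blanket `udp dport 53 accept` rule is itself an egress channel; a tighter ruleset would pin DNS to the configured resolver. And because the chain lives inside the container, it shares the limit the article states: a root process with cap_net_admin can flush it.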

Configuration and Integration

Pixels is designed to integrate seamlessly with existing TrueNAS infrastructure. It requires TrueNAS SCALE with Incus virtualization enabled and communicates with the TrueNAS API over WebSockets. Configuration is flexible, supporting a TOML config file, environment variables, and CLI flags, with CLI flags taking precedence.

A typical setup involves creating a base container with agent egress restrictions, setting up your environment and dependencies, saving a checkpoint, then spinning up new containers from that checkpoint for individual tasks. When tasks are complete, containers can be destroyed, freeing up resources.

Use Cases and Implications

The implications of tools like Pixels are significant for the future of AI-assisted development. They enable truly disposable development environments that can be tailored for specific AI agents or tasks, reducing the risk of persistent state and security vulnerabilities. This model could become standard practice as AI agents become more autonomous and handle more sensitive operations.

For teams working with multiple AI agents or running parallel experiments, Pixels provides a scalable solution that maintains isolation between different workflows. The checkpoint system enables sophisticated state management that would be difficult to achieve with traditional development environments.

Getting Started

Installation is straightforward with go install github.com/deevus/pixels@latest, or you can build from source. The quick start guide demonstrates the typical workflow: create a base container with agent egress restrictions, set up your environment, save a checkpoint, then spin up new containers from that checkpoint for individual tasks.

Pixels represents a thoughtful approach to the unique challenges posed by AI coding agents. By combining containerization, checkpoint-based state management, and network egress control, it provides a secure, flexible foundation for the next generation of AI-assisted software development.
