I’m working on openoman, an open-source runtime for secure agent work on real repositories. The goal is to let agents do useful work without getting your Git credentials, touching your normal environment, or owning the publishing flow.
Each task runs in an isolated disposable sandbox. Publishing stays on the trusted side. And the system is API-first, so tasks can come from CLI, bots, or your own internal tools.
What makes it different from cloud-first agent runtimes is that it is designed for your infrastructure: it can run against self-hosted GitLab and other non-cloud setups, it is agent-agnostic, so you are not locked into a single provider or model, and it can give agents enough isolated runtime to bring up the dependencies they need for real work — for example, a Docker Compose stack with Postgres for tests.