OPEN SOURCE — Apache 2.0

Secure container runtime
for AI agents.

One command to set up. One command to run. Every agent isolated in a hardened container — seccomp, network proxy, no host exposure. Multi-provider, multi-language. Build on it or use it standalone.

→ github.com/ysa-ai/ysa read the docs

// why ysa

// 01 — zero config

One command to start.

ysa setup handles everything on a fresh machine — Podman check, image build, CA cert, OCI hooks, proxy smoke test. Then ysa run "prompt" from any git repo. No config file required.

setup: ysa setup
run: ysa run "fix the auth bug"
streaming output: coming soon
refine/continue: coming soon

// 02 — security

Hardened by default.

Every task runs in a rootless Podman container with a custom seccomp profile, OCI network hooks, and a MITM proxy that enforces strict traffic rules. The host kernel is never exposed.

syscall whitelist: 190 calls
capabilities: --cap-drop ALL
network: proxy-enforced, logged
telemetry: none

// 03 — extensible

Multi-provider. Multi-language.

Claude and Mistral out of the box. Extend with registerProvider() to plug in any model. Auto-detects .mise.toml and pre-installs runtimes — Node, Python, Go, whatever the project needs.

providers: Claude, Mistral
custom: registerProvider()
languages: via mise auto-detect

// 04 — composable

Build on it.

Use ysa as an SDK and build your own orchestration layer on top. ysa platform is built exactly this way. The runtime is the only thing ysa will ever be.

import { runTask } from "@ysa-ai/ysa/runtime"
license: Apache 2.0
package: @ysa-ai/ysa
orchestration guide: coming soon

// where to go from here

01 //
Try the CLI
Install ysa, run ysa setup, fire your first task from a real repo.
 02 //
Build your own orchestration layer
Use runTask() as your primitive. Guide covers setup, providers, multi-language, result reading. — coming soon
03 //
Use ysa platform — coming soon
GitHub/GitLab integration, custom workflows, and team management out of the box. Built entirely on ysa.