Is network isolation really airtight?

Yes. With --network=none, no network namespace is attached to the pod — no loopback, no bridge, no external interface. A process inside cannot open a socket to the outside world. It's a kernel-level constraint that can't be bypassed by the model, malicious code, or user commands.

What AI models does SITU support?

SITU works with any model served through a compatible local backend — llama.cpp, LM Studio, Ollama, and others.

What hardware do I need?

Minimum: 16 GB RAM, or a 6 GB+ VRAM NVIDIA GPU, or Apple Silicon M1 or later, or an AMD Ryzen AI Max+ 395. Recommended: 32 GB RAM or a 12 GB+ VRAM GPU for larger, more capable models.

Can I use NETWORK mode when I need internet access?

Yes. Setting the mode to network in the config file gives the agent a standard network connection — useful when you need it to fetch API documentation or check a remote resource. The key difference from other tools: you make this a deliberate, explicit choice rather than it being the always-on default.

Yes. SITU is released under the MIT license — free to use, modify, and distribute, including for commercial work.

Can I use SITU for commercial projects and proprietary code?

Yes, that is precisely what SITU is built for. Developers in finance, legal, healthcare, and defense who cannot send source code to any third-party cloud can use SITU with full confidence that their IP never leaves their machine.

How do I verify that the security claims are real?

Audit the source on GitHub. Also run 'situ --test' — it exercises the hardening from inside a live pod and prints an audit report.

situAgent

Nothing Leaves the Room !

[ local · isolated · private ]

An open-source AI coding agent that runs entirely on your hardware, inside an
isolated container, with --network=none enforced by the OS kernel.
Your source code physically cannot leave the machine — not a promise, a constraint.

View on GitHub See how it works

situ runtime

$ situ

LM server : POD (llama.cpp official image)

Mounted : ./my-project

Mode : RESTRICTED

> Refactor the authentication module to use JWTs.

Analyzing auth.py... writing changes...

Security

No Exfiltration. By Design.

Most AI tools promise "we don't train on your data." SITU makes exfiltration technically impossible. By default, the container runs with --network=none — no network interface exists at all. The agent cannot call home, contact an API, or send a single byte to the outside world, regardless of what the model or user instructs. Not a policy. A namespace constraint the kernel itself enforces.

"Not a privacy policy. A kernel constraint."

situ security testing

% situ --test

[PASSED] LM container is reachable http://127.0.0.1:8080/

[INFO] Model in use gemma-4.gguf

[PASSED] External HTTP is blocked http://example.com

[PASSED] External HTTPS is blocked https://example.com

[PASSED] External DNS is blocked example.com

[PASSED] External TCP is blocked 8.8.8.8:53

Privacy

Leave No Trace

Every SITU session run is an isolated, short-lived container. When you exit, the pod and all its containers are automatically destroyed — no logs retained, no conversation history stored, no residual state. Your context, prompts, and partial outputs vanish completely. What happens in SITU stays in SITU. Full stop.

"The session ends. So does everything in it."

situ session lifecycle

situ> /quit

Shutting down session...

Stopping containers... done

Removing pod... done

✓ No logs retained

✓ No conversation history

✓ Residual state: zero

Isolation

Strict Workspace Isolation

SITU only sees what you define. Nothing else exists inside the container. Your home directory, SSH keys, credentials, environment variables, and the rest of your filesystem are completely invisible to the agent. You define the blast radius before the session even starts — and the container boundary enforces it.

"It sees exactly what you show it. Nothing more."

filesystem scope

$ ls ~/

projects/ .ssh/ .env Documents/

$ cd ./my-project && situ

✓ Mounted: ./my-project

Agent-visible filesystem:

✓ ./my-project

✗ ~/.ssh (not visible)

✗ ~/.env (not visible)

✗ ~/Documents (not visible)

Performance

Your Hardware. Your Rules.

SITU runs on any machine that can run an AI model: a developer MacBook on CPU, an AMD workstation using ROCm, or an NVIDIA GPU rig with CUDA. No cloud account required. No token quota. No rental fees. SITU starts its own secure llama container, but you can also point it to your own llama.cpp instance or LM Studio — the choice is yours. Better hardware means larger models and faster inference, and the ceiling is yours to raise.

"Your hardware. Your model. Your rules."

hardware detection

$ situ --detect

✓ Apple M4 Pro detected

✓ Backend: llama.cpp (Metal)

✓ RAM: 48 GB

✓ Model: Qwen2.5-Coder-32B

Tip: Use CUDA backend on NVIDIA

Use ROCm backend on AMD

All backends run locally.

Why developers choose SITU

Network Off by Default

The agent has no internet access unless you deliberately switch to NETWORK mode. Sensitive work stays isolated. When you need to fetch documentation, you make a conscious, explicit choice.

100% Open Source (MIT) — Audit It Yourself

Every container definition, every shell script, every line — published under the MIT License. Real transparency means the code speaks for itself. Read it, verify it, run it - securely.

Free. No Subscription. No Surprises.

No per-seat license, no monthly billing, no token quota. The only cost is the hardware you already own — run unlimited sessions on unlimited projects, forever.

Type `situ` Anywhere. Start Coding.

SITU follows you wherever you work. No configuration needed per project. No plugin to install in your editor. Just a terminal and your project directory.

$ cd ~/fintech-core

$ situ

✓ RESTRICTED mode — network severed

✓ Mounted: ./fintech-core

situ> Add rate limiting to the /transfer endpoint.

Reading transfer.py... analyzing...

Writing rate_limiter.py...

Updating transfer.py...

✓ Done. 2 files changed.

situ> Write unit tests for the new limiter.

Writing test_rate_limiter.py...

✓ 8 tests written. All pass locally.

situ> /quit

Session ended. Pod destroyed. No trace.

Nothing Leaves the Room !

No Exfiltration. By Design.

Leave No Trace

Strict Workspace Isolation

Your Hardware. Your Rules.

Why developers choose SITU

Network Off by Default

100% Open Source (MIT) — Audit It Yourself

Free. No Subscription. No Surprises.

Up and Running in 15 Minutes

Clone & Build

Download a Model

Run the local agent

Type `situ` Anywhere. Start Coding.

Keep your code in the room.

Nothing Leaves the Room !

No Exfiltration. By Design.

Leave No Trace

Strict Workspace Isolation

Your Hardware. Your Rules.

Why developers choose SITU

Network Off by Default

100% Open Source (MIT) — Audit It Yourself

Free. No Subscription. No Surprises.

Up and Running in 15 Minutes

Clone & Build

Download a Model

Run the local agent

Type situ Anywhere. Start Coding.

Keep your code in the room.

Type `situ` Anywhere. Start Coding.