Cowboy
Nix-native AI Agent Platform
Secure, observable AI agents with Zellij WASM runtime. Declarative NixOS configuration, sandboxed tool execution, and zero-trust security model.
Features
Zellij WASM Runtime
AI agents run as WebAssembly plugins inside Zellij terminal multiplexer with full isolation.
Declarative NixOS Config
Define agents, tools, and security policies as NixOS modules. Reproducible, auditable deployments.
Zero-Trust Security
Network namespace isolation, credential-injecting proxy, and compiled Rust security filters.
Zero-Trust Security Model
Network Isolation
Agents run in isolated network namespaces with no internet access unless explicitly configured.
Credential Injection
API keys and secrets are injected via proxy - never exposed to the AI agent itself.
Sandboxed Execution
Tools run in Bubblewrap sandboxes with seccomp-bpf filters for syscall whitelisting.
Documentation
Explore comprehensive documentation covering architecture, security model, deployment, and API reference.
View Documentation