EctoLedger: Open-source microVM sandbox for local AI agents with terminal access

✍️ OpenClawRadar 📅 Published: March 15, 2026 🔗 Source
EctoLedger is an open-source runtime firewall and ledger designed to securely run autonomous AI agents locally with terminal or tool access. The tool addresses the security risk that standard Docker or chroot sandboxes can eventually fail, potentially allowing a hallucinated command like curl | bash or a kernel exploit to compromise the host system.

Security layers and isolation

EctoLedger implements four prevention layers that execute before any action runs:

  • Semantic policy checks
  • Dual-LLM validator
  • Schema enforcer
  • Tripwire kill-switch

Only after these checks pass does the system run commands in real isolation, using either Apple Hypervisor.framework on macOS or a Firecracker microVM on Linux. According to the source, this means zero host access is possible.

Technical implementation

The core is written in Rust with a Tauri GUI. The system creates a ZK-verifiable audit trail of every tool call, providing a ledger of agent actions. The project is fully open source under the Apache 2.0 license with no paywalls.

Getting started

According to the demo and quickstart instructions, getting started involves running docker compose up. The source provides two main links:

The source material frames this as a solution for developers running local AI agents who need stronger isolation than standard containerization provides, particularly when agents have terminal access that could execute potentially harmful commands.

📖 Read the full source: r/LocalLLaMA
