About

Built because agents started running code.

When software writes software, somebody has to own the room where it runs. Shells is that room: isolated, observable, disposable — and honest about exactly what it does.

Shells is built by L1fe, where most of the code being executed day to day is written by agents. That created a very practical problem: untrusted code, generated at machine speed, needing somewhere real to run — with walls that hold and a cleanup story that always works.

The internal answer became a product. Not a general compute platform, not a dev-environment suite — a sandbox product with opinions: sealed networking by default, isolation chosen per shell, destructive actions behind typed confirmation, and every action on the record in an always-dark terminal.

The name is the interface. You get a shell. It runs. You wipe it. Nothing lingers.

shells — origin
why shells
agents write code faster than humans review it.
that code has to run somewhere.
somewhere with walls · somewhere disposable

Principles

What the product is held to.

Four rules that decide roadmap arguments. They've each killed at least one feature.

01

The boundary is the product

Everything else — the console, the SDK, the MCP server — is a way to use the boundary. If the isolation story ever gets fuzzy, nothing else matters.

02

Agents are users, not threats

Most platforms bolt agents on through an API afterthought. Shells gives them the same product through MCP, behind the same permission checks as humans — one extra entitlement, zero side doors.

03

Honest beats impressive

Logs are fetched on demand — so that's what the website says. Marketing copy that the product can't back is a bug, and we fix bugs.

04

Small surface, sharp tools

Five languages, three isolation classes, six lifecycle capabilities, four MCP tools. Every addition has to fight its way in past the question: does the boundary still hold?

What it sits on

Three layers, no mystery.

Shells is deliberately thin. The hard problems live in infrastructure that runs far more than sandboxes — and that's the point.

Omega

Compute substrate

Shells' sandboxes are Omega sandbox workloads — the same WASM, container, and microVM runtimes that power the wider L1fe platform, fronted by a deliberately small facade.

Keystone

Tenancy & identity

Sessions, IAM, entitlements, and usage metering delegate to Keystone (Auth v4 / IAM v4 / Garden v4). Shells never invents its own auth — that's how auth bugs are born.

MCP

Agent interface

The @l1fe/shells-mcp server is a first-class product surface, not an integration. Agents get list, create, action, and term — the entire console, machine-shaped.

The rest is best said by the product.

The free tier runs real workloads with real isolation — judge the room by standing in it.

Open consoleTalk to us