Capability tags
⚙️ Agent workflow

Intelligent Workflow

Python-based · build a complete AI automation pipeline with no code
English name: code-on-incus
⭐ 523 Stars 🍴 39 Forks 💻 Python 📄 MIT 🏷 AI score 7.5
Tags: ai-tools, agentic-ai, python
✦ AI Skill Hub recommended

Intelligent Workflow is one of the Agent workflows featured by AI Skill Hub this issue. With an overall score of 7.5, it is of relatively high quality. We recommend adding it to your AI toolbox to boost your productivity.

📚 In-depth analysis
Intelligent Workflow is a complete AI Agent automation workflow solution. As AI capabilities keep improving, Agent-based automation workflows are becoming a core way to raise individual and team productivity. Unlike traditional RPA automation (which simulates mouse and keyboard actions), AI Agent workflows understand task intent and dynamically plan execution paths, so they can handle more complex, unstructured tasks.

The Intelligent Workflow design follows a "minimal configuration, maximum reuse" principle: the core logic is already packaged, and users only need to configure their own API key and business parameters to get started quickly. The workflow has built-in error handling and retry mechanisms, so it keeps running reliably under network fluctuations or API rate limiting, making it suitable as automation infrastructure for production environments.

For real deployments, it is advisable to run the workflow 3-5 times in a test environment first and verify that the output of each stage matches expectations before deploying to production. AI Skill Hub rates it 7.5, a featured recommendation among Agent workflows of this kind.
📋 Tool overview

Isolated AI agents with Docker and systemd support

Intelligent Workflow is a complete AI Agent automation workflow solution. Through visual node orchestration, complex multi-step tasks are broken down into clear automated flows for fully unattended intelligent processing. It integrates seamlessly with hundreds of external services and APIs, making it suitable for building data-processing pipelines, business automation, and AI-assisted decision systems.

GitHub Stars: ⭐ 523
Language: Python
Platforms: Windows / macOS / Linux
Maintenance: actively maintained, community-driven
License: MIT
AI overall score: 7.5
Tool type: Agent workflow
Forks: 39
📖 Documentation
The following content was compiled automatically by AI Skill Hub from the project information; for the complete original documentation, see the "Original source" section at the bottom.


📌 Core features
  • Visual Agent workflow orchestration, no complex code required
  • Multi-step automated task chains for fully unattended end-to-end processing
  • Seamless integration with external APIs, databases and third-party services
  • Built-in error handling and automatic retry for stable operation
  • Reusable automation templates for rapid deployment in similar scenarios
🎯 Main use cases
  • Automate routine repetitive work so effort can go to creative tasks
  • Build complete collection → processing → output automation pipelines
  • Move data and coordinate business processes across platforms and systems
The following install commands were generated automatically from the project's language and type; the official README is authoritative.
Install commands

```bash
# Option 1: pip install (recommended)
pip install code-on-incus

# Option 2: install in a virtual environment (recommended for production)
python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install code-on-incus

# Option 3: install from source (latest features)
git clone https://github.com/mensfeld/code-on-incus
cd code-on-incus
pip install -e .

# Verify the installation
python -c "import code_on_incus; print('安装成功')"
```
📋 Installation steps
  1. Get the workflow files from the GitHub repository
  2. Find the "Import workflow" function in the target platform (Dify / Flowise / Make, etc.)
  3. Upload the workflow file
  4. Configure the required environment variables and API keys as prompted
  5. Run a test to confirm the flow works before putting it into use
The usage examples below were compiled by AI Skill Hub and cover the most common scenarios.
Common commands / code examples

```bash
# Command-line usage
code-on-incus --help

# Basic usage
code-on-incus input_file -o output_file
```

```python
# Calling from Python code
import code_on_incus

# Example
result = code_on_incus.process("input")
print(result)
```
The configuration example below is generated from typical usage; adjust the parameters according to the official documentation.
Configuration example

```yaml
# Example code-on-incus config file (config.yml)
app:
  name: "code-on-incus"
  debug: false
  log_level: "INFO"
```

```bash
# Specify the config file at runtime
code-on-incus --config config.yml

# Or configure via environment variables
export CODE_ON_INCUS_API_KEY="your-key"
export CODE_ON_INCUS_OUTPUT_DIR="./output"
```
📑 README in-depth analysis · real documentation · completeness 81/100
The following content was parsed directly from the GitHub README, preserving code blocks, tables and lists.

Introduction

(Code on Incus logo: misc/logo.png)

Features

Core Capabilities

- Multi-slot support - Run parallel AI coding sessions for the same workspace with full isolation
- Session resume - Resume conversations with full history and credentials restored (workspace-scoped)
- Persistent containers - Keep containers alive between sessions (installed tools preserved)
- Workspace isolation - Each session mounts your project directory
- Slot isolation - Each parallel slot has its own home directory (files don't leak between slots)
- Workspace files persist even in ephemeral mode - Only the container is deleted, your work is always saved
- Container snapshots - Create checkpoints, rollback changes, and branch experiments with full state preservation

Host Integration

- SSH agent forwarding - Use git-over-SSH inside containers without copying private keys (`[ssh] forward_agent = true`)
- Environment variable forwarding - Selectively forward host env vars by name (`forward_env` in config)
- Host timezone inheritance - Containers automatically inherit the host's timezone (configurable via `[timezone]` config)
- Sandbox context file - Auto-injected `~/SANDBOX_CONTEXT.md` tells AI tools about their environment (network mode, workspace path, persistence, etc.). Automatically loaded into each tool's native context system: Claude Code via `~/.claude/CLAUDE.md`, OpenCode via the `instructions` field in `opencode.json` (opt out with `auto_context = false`)

Security & Isolation

- Credential protection - SSH keys, .env files, Git credentials, and environment variables are never exposed unless explicitly mounted
- Privileged container guard - Refuses to start when `security.privileged=true` is detected, which defeats all container isolation
- Security posture verification - `coi health` checks seccomp, AppArmor, and privilege settings to confirm full isolation
- Kernel version enforcement - Warns on host kernels below 5.15 that may lack security features for safe isolation
- Real-time threat detection - Kernel-level nftables monitoring detects reverse shells, C2 connections, data exfiltration, DNS tunneling, and credential scanning
- Automated response - Auto-pause on HIGH threats, auto-kill on CRITICAL — no manual intervention needed
- Network isolation - Firewalld-based restricted/allowlist/open modes block private network access and prevent exfiltration
- Protected paths - `.git/hooks`, `.git/config`, `.husky`, `.vscode` mounted read-only to prevent supply-chain attacks
- Host-side immutable protection - Protected paths are locked with `chattr +i` during sessions, preventing `unshare -m` + `umount` bypass of read-only mounts (opt out: `[security] host_immutable = false`)
- Git identity guard - Containers enforce `user.useConfigOnly=true`, preventing AI tools from committing as the default "code" user
- Guest API disabled - Incus guest API (`/dev/incus`) disabled by default, preventing host path and topology leaks
- System containers - Full OS isolation with unprivileged containers, better than Docker privileged mode
- Automatic UID mapping - No permission hell, files owned correctly
- Audit logging - All security events logged to JSONL for forensics and compliance

Safe Dangerous Operations

- AI coding tools often need broad filesystem access or bypass permission checks
- These operations are safe inside containers because the "root" is the container root, not your host system
- Containers are ephemeral - any changes are contained and don't affect your host
- This gives AI tools full capabilities while keeping your system protected

Install

```bash
curl -fsSL https://raw.githubusercontent.com/mensfeld/code-on-incus/master/install.sh | bash

# Build image (first time only, ~5-10 minutes)
coi build
```

- Full Docker access inside the container

Why Incus Instead of Docker or Docker Sandboxes?

Incus is a modern Linux container and virtual machine manager, forked from LXD. Unlike Docker (which uses application containers), Incus provides system containers that behave like lightweight VMs with full init systems.

Why Incus Instead of Docker Sandboxes?

  • Linux-first, not Linux-last. Docker Sandboxes' microVM isolation is only available on macOS and Windows. Linux gets a legacy container-based fallback. COI is built for Linux from the ground up because Incus is Linux-native.
  • No Docker Desktop required. Docker Sandboxes is a Docker Desktop feature. Docker Desktop is not open source and has commercial licensing requirements for larger organizations. COI depends only on Incus - fully open source, no vendor lock-in, no additional runtime.
  • System containers, not containers-in-VMs. Incus system containers run a full OS with systemd and native Docker support inside - one clean isolation layer. Docker Sandboxes nests application containers inside microVMs, adding architectural complexity.
  • No permission hell. Incus automatic UID/GID shifting means files created by agents have correct ownership on the host. No mapping hacks needed. (Note: files created via sudo in the workspace will be root-owned — the sandbox context file instructs AI tools to fix ownership after sudo operations.)
  • Credential isolation by default. Host environment variables, SSH keys, and Git credentials are never exposed to AI tools unless explicitly mounted.
  • Simple and transparent. No separate daemon, no opaque VM nesting. COI talks directly to Incus - easy to inspect, debug, and extend.

Installation

One-shot install

```bash
curl -fsSL https://raw.githubusercontent.com/mensfeld/code-on-incus/master/install.sh | bash
```

- Download and install coi to /usr/local/bin
- Check for Incus installation

Build Images

```bash
# Build the default coi-default image (5-10 minutes)
coi build

# Build without compression (faster iteration)
coi build --compression none

# Build a custom image via a profile
coi profile create my-image --image my-image
# Edit .coi/profiles/my-image/config.toml to add a [container.build] section
coi build --profile my-image
```

What's included in the coi-default image:

- Ubuntu 22.04 base with Docker (full Docker-in-container support)
- mise (polyglot runtime manager) — Python 3, pnpm, TypeScript, tsx pre-installed; add more with `mise use go@latest`, `mise use ruby@3`, etc.
- Node.js 20 LTS (system, for Claude CLI) + npm
- Claude Code CLI (default AI tool) + GitHub CLI (gh)
- tmux, git, curl, build-essential, and common build tools
- Modern CLI utilities: fd-find, bat, tree
- Debugging tools: strace, lsof
- Database clients: sqlite3, postgresql-client, redis-tools
- imagemagick for image processing

Custom images: Build your own specialized images using profile-based build scripts that run on top of the base coi-default image. See the Image Management wiki page for complete profile-based build workflows.

Quick Start

Usage

Advanced Usage

See the wiki for detailed documentation:

```toml
# ~/.coi/config.toml or .coi/config.toml
[tool]
name = "claude"             # Default AI tool
permission_mode = "bypass"  # "bypass" (default) or "interactive"
```

See the Supported Tools wiki page for detailed configuration, API key setup, and adding new tools.

- No access to your host SSH keys, env vars, or credentials

```toml
# .coi/config.toml (in your project)
[container]
alias = "myproject"
```

```bash
coi shell myproject   # Launch session using alias (from any directory)
coi attach myproject  # Attach to running aliased container
```

See the Container Lifecycle and Sessions guide for full alias documentation.

```toml
# Or via config (~/.coi/config.toml)
[container]
persistent = true
```

What persists:

- Ephemeral mode: Workspace files + session data (container deleted)
- Persistent mode: Workspace files + session data + container state + installed packages, system setup

See the Container Lifecycle and Sessions guide for details.

Configuration

Config file: ~/.coi/config.toml

```toml
[container]
image = "coi-default"
persistent = true
```

```toml
# ~/.coi/config.toml
[limits.cpu]
count = "2"

[limits.memory]
limit = "2GiB"

[limits.runtime]
max_duration = "2h"
```

What you can limit:

- CPU cores and usage percentage
- Memory and swap
- Disk I/O rates
- Maximum runtime and process count
- Auto-stop on time limits

```toml
# ~/.coi/config.toml
[network]
mode = "restricted"  # Default — blocks private networks, allows internet
```

```toml
# Enable in config (~/.coi/config.toml)
[monitoring]
enabled = true
```

Protects against:

- Reverse shells - Detects common reverse shell patterns (auto-kill)
- Data exfiltration - Monitors large workspace reads/writes (auto-pause)
- Environment scanning - Flags processes searching for API keys and secrets
- Network threats (NFT) - Kernel-level detection of C2 connections, private network access, DNS tunneling, and allowlist violations

Automated response levels:

- INFO/WARNING: Logged (+ alert for WARNING)
- HIGH: Container paused (requires `coi unfreeze` to continue)
- CRITICAL: Container killed immediately

Audit logs are stored at ~/.coi/audit/<container-name>.jsonl in JSON Lines format.

See the Security Monitoring wiki page for monitoring commands, configuration options, NFT setup, and audit log management.
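The response levels and JSONL audit log described above, turned into an offline triage script that tolerates malformed lines and reports the highest level seen together with the response the policy implies. This is an added example, not code-on-incus code; the event field names (`ts`, `level`, `category`, `detail`) and the sample log are assumptions, since the README does not document the record format.

```python
import json
from collections import Counter

# Added example, not part of code-on-incus. The README only says events are
# JSON Lines at ~/.coi/audit/<container-name>.jsonl; the field names used here
# (ts, level, category, detail) are assumptions made for this example.
# Response policy as documented in the README's "Automated response levels".
LEVEL_RANK = {"INFO": 0, "WARNING": 1, "HIGH": 2, "CRITICAL": 3}
RESPONSE = {"INFO": "logged", "WARNING": "logged + alert",
            "HIGH": "container paused (coi unfreeze to continue)",
            "CRITICAL": "container killed"}

# Constructed sample log; the third line is deliberately malformed.
SAMPLE_JSONL = """\
{"ts": "2026-05-26T10:00:01Z", "level": "INFO", "category": "session", "detail": "session started"}
{"ts": "2026-05-26T10:02:14Z", "level": "WARNING", "category": "env_scan", "detail": "process searched for API_KEY"}
not json at all
{"ts": "2026-05-26T10:05:40Z", "level": "HIGH", "category": "exfiltration", "detail": "large workspace read"}
{"ts": "2026-05-26T10:05:41Z", "level": "CRITICAL", "category": "reverse_shell", "detail": "shell bound to network socket"}
"""


def parse_audit_log(text):
    """Return (events, bad_line_count); lines that are not JSON objects with a level are counted, not raised."""
    events, bad = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            ev = None
        if isinstance(ev, dict) and "level" in ev:
            events.append(ev)
        else:
            bad += 1
    return events, bad


def triage(events):
    """Per-level counts, highest level seen, the response it implies, and HIGH-or-worse categories."""
    rank = lambda ev: LEVEL_RANK.get(ev["level"], -1)  # unknown levels rank lowest
    top = max(events, key=rank, default=None)
    top_level = top["level"] if top else None
    return {
        "counts": dict(Counter(ev["level"] for ev in events)),
        "max_level": top_level,
        "implied_response": RESPONSE.get(top_level, "none"),
        "high_or_worse": sorted({ev.get("category", "unknown") for ev in events
                                 if rank(ev) >= LEVEL_RANK["HIGH"]}),
    }
```

Run `triage(parse_audit_log(SAMPLE_JSONL)[0])` to see the sample log summarised; on a real file, pass the contents of the container's `.jsonl` instead.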

- GitHub CLI available for PR/issue management

Security Comparison

| Capability | code-on-incus | Docker Sandbox | Bare Metal |
|---|---|---|---|
| Credential isolation | Default (never exposed) | Partial | None |
| Real-time threat detection | Kernel-level (nftables) | No | No |
| Reverse shell detection | Auto-kill | No | No |
| Data exfiltration alerts | Auto-pause | No | No |
| Network isolation | Firewalld (3 modes) | Basic | No |
| Protected paths | Read-only mounts | No | No |
| Auto response (pause/kill) | Yes | No | No |
| Audit logging | JSONL forensics | No | No |
| Supply-chain attack prevention | Git hooks/IDE configs protected | No | No |

Troubleshooting

See the Troubleshooting guide for common issues and solutions.

Common issues:

- DNS issues during build - COI automatically fixes systemd-resolved conflicts
- Run `coi health` to diagnose setup problems
- Check the troubleshooting guide for detailed solutions

Frequently Asked Questions

See the FAQ for answers to common questions.

Topics covered:

- Orphaned firewalld zone bindings (Docker + firewalld interaction)
- How COI compares to Docker Sandboxes and DevContainers
- Windows support (WSL2)
- Security model and prompt injection protection
- API key security and trust model
- What is Incus? (vs tmux)

👥 Who it is for
  • Automation engineers and operations staff
  • Project managers and business analysts
  • Professionals looking to cut down on repetitive work
  • Digital transformation teams
⚖️ Pros and cons
✅ Pros
  • MIT license, free for commercial use
  • Greatly reduces repetitive manual work
  • Visual flows that are clear and intuitive
  • Highly extensible, supports complex scenarios
⚠️ Cons
  • Initial setup and debugging take some time
  • Strong dependence on the stability of external services
  • Complex scenarios require some technical background
⚠️ Usage notes

AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data, and no legal endorsement is given for the tool's functionality or quality.

Validate thoroughly in a sandbox or test environment and carry out the necessary security assessment before deploying to production.

📄 License

✅ MIT license: one of the most permissive open-source licenses, allowing free commercial use, modification and distribution, requiring only that the copyright notice be retained.

💡 AI Skill Hub verdict

On overall assessment, Intelligent Workflow performs solidly in the Agent workflow category with good quality. If you already have a clear use case, you can start using it directly; if you are still evaluating, compare it with similar tools before deciding.

🌐 Original information
Original name: code-on-incus
Original description: Open-source AI workflow: Give each AI agent its own isolated machine with root, Docker, and systemd. Acti. ⭐523 · Python
Topics: ai-tools, agentic-ai, python
GitHub: https://github.com/mensfeld/code-on-incus
License: MIT
Language: Python
🔗 Original source
🐙 GitHub repository: https://github.com/mensfeld/code-on-incus

Listed: 2026-05-26 · Updated: 2026-05-26 · License: MIT · AI Skill Hub gives no legal endorsement of the accuracy of third-party content.