Most computer-use failures start before the model acts: the agent is operating inside the user's real browser, clipboard, focus, or files. agent-workspace-linux takes the opposite route. It creates an agent-owned Linux desktop backed by Xvfb and openbox, with a separate browser and clipboard.
The first run should be boring and observable. Install the Linux dependencies from the upstream README, then run agent-workspace-linux doctor. Use workspace start --dry-run before workspace start --ack-hidden-workspace --purpose "QA run". Open the viewer, launch one test app, save workspace observe --screenshot --output /tmp/ws.png, and finish with workspace stop.
Do not call the viewer a security boundary. --permissions or AGENT_WORKSPACE_PERMISSIONS is the hard ceiling for networks, mounts, and apps; without bubblewrap, those policies may only be declared. The project is pre-1.0, and issues #21 and #22 cover live-control and clipboard risks. I would use it first for GUI QA or disposable browser profiles, not production credentials.
Project: https://doramagic.ai/en/projects/agent-workspace-linux/
Manual: https://doramagic.ai/en/projects/agent-workspace-linux/manual/
Upstream: https://github.com/agent-sh/agent-workspace-linux
Independent Doramagic resource pack; not an official upstream release or endorsement.
Top comments (0)