FAQ

Frequently Asked Questions

Is network isolation really airtight?

Yes, provided you understand what the boundary is and do not weaken it. With --network=none the pod gets its own network namespace with nothing configured in it. Every Linux network namespace starts with a loopback device, so processes inside the pod can at most talk to each other over 127.0.0.1; there is no veth pair, no bridge and no physical interface, so a connect() to any host or external address fails inside the kernel before a packet exists. The constraint is enforced by the kernel and cannot be bypassed by the model, by malicious code or by user commands. Two things would weaken it, and both are visible from the host: granting the container CAP_NET_ADMIN (or --privileged), which lets it create interfaces, and bind-mounting a host Unix-domain socket (for example the Podman API socket) into the pod, since Unix sockets are an IPC channel that network namespaces do not cover.

What AI models does SITU support?

SITU works with any model served through a compatible local backend — llama.cpp, LM Studio, Ollama, and others.

What hardware do I need?

Minimum: 16 GB RAM, or a 6 GB+ VRAM NVIDIA GPU, or Apple Silicon M1 or later, or an AMD Ryzen AI Max+ 395.
Recommended: 32 GB RAM or a 12 GB+ VRAM GPU for larger, more capable models.

Can I use NETWORK mode when I need internet access?

Yes. Setting the mode to NETWORK in the config file gives the agent a standard network connection, useful when you need it to fetch API documentation or check a remote resource. The key difference from other tools is that you make this a deliberate, explicit choice rather than it being the always-on default. Be clear about what the choice means: in NETWORK mode the isolation guarantee described above does not apply, and anything the agent can read in the mounted directory it can also send out, so switch the mode back for sessions that touch code that must stay on the machine.

Is SITU really free?

Yes. SITU is released under the MIT license — free to use, modify, and distribute, including for commercial work.

Can I use SITU for commercial projects and proprietary code?

Yes, that is precisely what SITU is built for. Developers in finance, legal, healthcare and defense who cannot send source code to any third-party cloud can use SITU with confidence that their IP never leaves their machine, as long as they keep the agent in the default isolated mode rather than NETWORK mode.

How does SITU compare to Aider?

Aider runs directly on the host filesystem with no network boundary; its documentation explicitly states that users are responsible for safety. SITU runs inside a Podman pod with --network=none enforced by the OS kernel: no socket can reach the host or the network, no file outside the mounted directory is visible, and nothing outside the mounted directory persists after the session ends. For any project where source code privacy matters, SITU is the better choice.

How does SITU compare to OpenHands?

OpenHands runs in Docker but leaves the network open by default; its documentation explicitly recommends disabling container network access manually for regulated data. SITU enforces --network=none at the OS level: no interface other than loopback exists inside the pod, so there is no manual step to forget. For any project where the agent must be genuinely air-gapped, SITU is the better choice.

How does SITU compare to Goose?

Goose hardens the agent's behavior — it gates which tools the agent may invoke, but the agent still runs as the host user with full host network access. Behavior gates can be bypassed by a clever prompt or a buggy tool. SITU hardens the agent's environment: kernel namespaces prevent network egress and restrict filesystem access regardless of what the model or user instructs. For source code that must stay on the machine, environment isolation is the only guarantee that holds.

How do I verify that the security claims are real?

Audit the source on GitHub, and run situ --test, which exercises the hardening from inside a live container and prints an audit report. Because the boundary is enforced by the kernel, you can also check it independently with standard tools rather than trusting the report: inspect the pod's network mode, capabilities and mounts with podman inspect, and list the interfaces visible inside the container.
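The script below is an added example written for this FAQ; it is not part of SITU and is not what situ --test runs. It checks, from the host, the four properties the isolation answer above relies on: the container is on the "none" network, only loopback is visible inside it, no capability that could add an interface has been granted, and no host Unix socket is bind-mounted into it. It assumes podman is on the host PATH, the container name or ID is passed as the first argument, and the image has cat (used to read /proc/net/dev). The parsing helpers read stdin so they can be exercised with constructed input without podman.

```shell
#!/bin/sh
# check_isolation.sh: an independent, host-side check of the --network=none
# boundary. Added example, not part of SITU or situ --test.
# Assumptions: `podman` is on the host PATH, the container to check is named
# or identified by $1, and the image has `cat` (used to read /proc/net/dev).
# The parsing helpers read stdin so they can be exercised with constructed
# input without podman at all.

# Print every interface name found in /proc/net/dev except the loopback
# device. The file has two header lines; each later line starts with the
# device name followed by a colon.
non_loopback_ifaces() {
    awk 'NR > 2 {
        sub(/^[ \t]+/, "")
        split($0, f, ":")
        if (f[1] != "lo") print f[1]
    }'
}

# Print the capabilities from stdin that would let a process inside the
# container create or reconfigure network interfaces (CAP_NET_ADMIN) or
# perform mount and namespace operations (CAP_SYS_ADMIN). Without these,
# code inside the container cannot add an interface, short of a kernel bug.
dangerous_caps() {
    grep -E '^(CAP_NET_ADMIN|CAP_SYS_ADMIN)$' || true
}

# Print the bind-mount sources from stdin that are Unix-domain sockets on
# the host. A socket such as the Podman API socket bypasses the network
# namespace entirely, because Unix sockets are plain IPC, not networking.
socket_mounts() {
    while IFS= read -r src; do
        [ -S "$src" ] && printf '%s\n' "$src"
    done
    return 0
}

# Run all checks against a live container; print PASS/FAIL lines and
# return non-zero if any check fails.
verify() {
    ctr=$1
    status=0

    mode=$(podman inspect --format '{{.HostConfig.NetworkMode}}' "$ctr")
    if [ "$mode" = "none" ]; then
        echo "PASS network mode is none"
    else
        echo "FAIL network mode is '$mode', expected none"; status=1
    fi

    extra=$(podman exec "$ctr" cat /proc/net/dev | non_loopback_ifaces)
    if [ -z "$extra" ]; then
        echo "PASS no interface besides loopback inside the container"
    else
        echo "FAIL interfaces present: $(echo "$extra" | tr '\n' ' ')"; status=1
    fi

    caps=$(podman inspect --format '{{range .EffectiveCaps}}{{.}}{{"\n"}}{{end}}' "$ctr" | dangerous_caps)
    if [ -z "$caps" ]; then
        echo "PASS no capability that could create interfaces"
    else
        echo "FAIL capabilities granted: $(echo "$caps" | tr '\n' ' ')"; status=1
    fi

    socks=$(podman inspect --format '{{range .Mounts}}{{.Source}}{{"\n"}}{{end}}' "$ctr" | socket_mounts)
    if [ -z "$socks" ]; then
        echo "PASS no host Unix socket mounted into the container"
    else
        echo "FAIL host sockets mounted: $(echo "$socks" | tr '\n' ' ')"; status=1
    fi

    return $status
}

# Usage: sh check_isolation.sh <container-name-or-id>
if [ "$#" -ge 1 ]; then
    verify "$1"
fi
```

Run it as sh check_isolation.sh <container> while a SITU session is active; a non-zero exit means at least one property did not hold. The interface check reads /proc/net/dev rather than calling ip, because minimal images often ship without iproute2, and the capability and mount checks come from podman inspect on the host, so a compromised process inside the container cannot influence them.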
