Welcome to SITU Agent
SITU is a free, open-source AI coding agent that runs entirely on local hardware inside an isolated container. It is built for developers whose source code cannot be sent to the cloud — IP-sensitive teams in finance, defense, legal, biotech, healthcare, and government, and anyone who simply wants their work to stay on their machine.
The core idea
Most AI coding tools rely on a privacy policy — a written promise not to train on, retain, or leak the data sent to a cloud endpoint. SITU replaces that promise with a kernel-level constraint. By default the containers run on an internal network with no external routes — no gateway, no DNS upstream, no outbound path. A process inside cannot reach the outside world, regardless of what the model or the user instructs.
If something does not need network access, it should not have one. The kernel enforces that, not a settings page.
Two modes of operation
Every session runs in one of two modes. The default is the strict one; the other has to be turned on deliberately.
- RESTRICTED — the default. No external network routes. Source code physically cannot leave the container.
- NETWORK — if the mode is set to NETWORK (opt-in explicitly!), the SITU container is given access to the network. In this mode, SITU can then fetch information from the internet, and the LM_HOST and LM_PORT parameters in situ.conf may point to other machines hosting llama.cpp, LM Studio, or Ollama. SITU can still only access the mounted directory — nothing else on your machine.
SITU treats network access as a deliberate exception, not the always-on default.
What to read next
- First Steps — prerequisites, install steps, first run, and security verification.
- Best Practices — recommended workflows, mode selection, and safety guidelines.
- The source on GitHub — every container definition and shell script is published under MIT.