SMART Workspace
Browser-accessible Linux dev environments with kernel-level isolation, deployable on infrastructure you own.
Modern development means running untrusted code in trusted places. AI-generated scripts. Contractor commits. Customer datasets. Prototypes from a new hire's first week. Standard container runtimes share the host kernel, so one bad syscall in a workspace can compromise the host.
SMART Workspace gives every workspace a kernel-level isolation boundary. It federates identity with whatever your organization already runs, records every session for audit, and runs entirely on your hardware.
Real isolation, not namespaces
Every workspace runs inside gVisor, the userspace kernel Google built for Cloud Run and App Engine. It is the same sandbox Anthropic uses to safely execute the code Claude generates, and the same one OpenAI runs Code Interpreter on. The boundary sits at the kernel, not just at namespace separation.
Take copy.fail (CVE-2026-31431), a Linux kernel privilege-escalation chain that turns an unprivileged user into root. Under a standard container runtime, that is a host compromise. Under gVisor, the syscalls the exploit relies on are not even exposed inside the workspace. It dead-ends at the sandbox.
Your hardware. Your data. Your identity.
SMART Workspace runs on infrastructure you own. No code, no data, and no identity flows through a third party.
- OIDC federation with the identity provider you already run. Authentik ships bundled and federates to Okta, ADFS, Active Directory, Google, and GitHub.
- Air-gap deployable. Caddy issues real certificates over DNS, so the host never needs a public IP.
- No external telemetry. The platform does not phone home. All state lives on the host.
Audit-ready by default
- Every session recorded. Byte-perfect transcripts of what was typed and what the shell printed, written to local disk. Recording survives reconnects, so a dropped connection never fragments the trail.
- Signed git audit trail. Each closed session is committed to a per-user repository signed by the host key, with a tamper-evidence ledger line in every commit.
- Privileged-action audit log. An append-only record of account, credential, and workspace lifecycle events, browsable from the admin console.
Usable today
- Self-serve workspace provisioning, bounded by admin-set quotas
- A persistent browser shell that survives closing the tab, plus SSH and a scriptable CLI
- One-click sidecar services on a private per-workspace network: PostgreSQL, Redis, and ActiveMQ Artemis
- Multi-distro base images: Ubuntu, Fedora, and Arch
- Self-service encrypted backups to storage you control
Who it is for
Enterprise dev teams, regulated industries, and federal missions that need to give developers real Linux while keeping the blast radius contained. If your people run other people's code, and shipping it through a SaaS workspace is not an option, SMART Workspace is built for you.
See it work
Watch the demo: https://youtu.be/8257E0_1Xv4
To talk through a deployment, reach us at contact at 76dev.com.