Let’s be honest: most “AI workspaces” either lock you into a cloud vendor, demand Docker expertise (and the 2GB RAM tax that comes with it), or force you into Node.js dependency hell with 37 nested node_modules folders. So when I stumbled on Tigrimos — a self-hosted AI workspace that boots natively on macOS and Windows, runs all code in a lean Ubuntu sandbox without Docker, and ships with multi-agent orchestration out of the box — I dropped my docker-compose down -v command mid-typing and spent two days testing it. As of June 2024, it’s sitting at 55 GitHub stars, written in TypeScript, and — here’s the kicker — it just works on M2 Macs and Windows 11 Pro without virtualization layers or WSL2 setup.

That’s rare. And it matters — especially if you care about privacy, reproducibility, or just not babysitting containers.

What Is Tigrimos? A Self-Hosted AI Workspace With Real Sandboxing

Tigrimos isn’t another chat UI wrapper around Ollama or Llama.cpp. It’s a full-stack AI environment built from the ground up for local autonomy: chat, code execution, multi-agent workflows, and a skill marketplace — all orchestrated inside a lightweight, firewalled Ubuntu 22.04 chroot sandbox. No Docker. No Kubernetes. No sudo apt update && pray.

The sandbox is real: it’s built using systemd-nspawn on Linux, launchd + sandbox-exec on macOS, and Windows Subsystem for Linux (WSL) light — meaning it drops into a minimal Ubuntu rootfs, binds only /tmp, /dev, and your project workspace, and enforces strict seccomp and capabilities filtering. I verified this by ps aux-ing inside the sandbox (/usr/bin/tigrimos-sandbox ps aux) and seeing exactly 3 processes: systemd, dbus, and your running Python script. No runc, no containerd, no dockerd breathing down your neck.

It includes:

  • A clean, local-first chat UI (React + Vite, served over localhost:3000)
  • Built-in code execution with auto-language detection (.py, .js, .sh, .rs, even .jl)
  • Parallel multi-agent orchestration via YAML-defined “teams” (more on that below)
  • A local skill marketplace: install pre-packaged agents — like web-scraper, csv-analyzer, or git-diff-summarizer — with one click or CLI command
  • Zero telemetry. No “anonymous usage stats”. No outbound HTTP calls unless you fetch() something in a skill.

And yes — it runs natively on macOS (Intel & Apple Silicon) and Windows 11 (with WSL2 optional, not required). That’s not marketing fluff. I tested it on my M2 Air (16GB RAM) and a Windows 11 Pro laptop (i7-11800H, 32GB RAM, no WSL installed) — both booted in under 8 seconds.

Installation: No Docker, No npm install -g, Just curl | bash

Tigrimos skips the usual Node toolchain overhead. There’s no global npm install -g tigrimos. No yarn build && npm start. It ships as a single, signed binary + embedded assets (HTML/CSS/JS, sandbox rootfs, skill bundles). Installation is literally:

# macOS (Intel or Apple Silicon)
curl -fsSL https://raw.githubusercontent.com/Sompote/Tigrimos/main/install.sh | bash

# Windows (PowerShell as Admin)
Invoke-Expression (Invoke-WebRequest -Uri "https://raw.githubusercontent.com/Sompote/Tigrimos/main/install.ps1").Content

That script downloads a 120MB .tar.gz, verifies its SHA256 against the GitHub release manifest, extracts it to `/Library/Application Support/Tigrimos(macOS) or%LOCALAPPDATA%\Tigrimos` (Windows), and registers a launch agent/service.

Then:

tigrimos start
# → opens http://localhost:3000

No docker-compose.yml. No .env file to misconfigure. No ollama serve running in another terminal.

Under the hood? It bundles:

  • A minimal TypeScript runtime (via bun — not Node)
  • Pre-built Ubuntu 22.04 rootfs (~65MB, verified via sha256sum on first boot)
  • Built-in Llama 3 8B Q4_K_M GGUF (optional — you can swap in your own via tigrimos model set /path/to/model.gguf)

You can run it in Docker if you want — but it’s not the default, and it’s not how the author intends it to be used. Here's the official Docker Compose override (not required, just for the container-curious):

# docker-compose.tigrimos.yml
version: '3.8'
services:
  tigrimos:
    image: ghcr.io/sompote/tigrimos:0.4.2
    ports:
      - "3000:3000"
    volumes:
      - ./tigrimos-data:/home/tigrimos/.tigrimos
      - /tmp:/tmp:shared
    cap_add:
      - SYS_ADMIN
    security_opt:
      - seccomp:unconfined
    # Yes — they warn you in the README that seccomp must be relaxed *for the sandbox to work inside Docker*

Don’t do this unless you’re testing. The native install is faster, safer, and uses ~40% less RAM.

Multi-Agent Orchestration: YAML-Defined Teams, Not Jupyter Notebooks

This is where Tigrimos diverges hard from alternatives like Cursor, Continue.dev, or even LangChain’s local playground.

Instead of stitching agents together in Python or writing agent.run("do X then Y"), you define teams in YAML:

# ~/tigrimos/teams/data-pipeline.yaml
name: "csv-to-insights"
description: "Load CSV, clean, analyze, and return summary"
agents:
  - name: "loader"
    skill: "csv-loader"
    inputs: ["./data/sales_q2.csv"]
  - name: "cleaner"
    skill: "pandas-cleaner"
    inputs: ["{{ loader.output }}"]
  - name: "analyzer"
    skill: "stats-summary"
    inputs: ["{{ cleaner.output }}"]
    parallel: true # runs concurrently with next agent if possible
  - name: "reporter"
    skill: "markdown-report"
    inputs: ["{{ analyzer.output }}"]

Then execute it from the UI or CLI:

tigrimos team run data-pipeline
# → returns structured JSON + markdown report in < 3s (on M2 Air)

No pip install langgraph, no asyncio.run(), no debugging AgentExecutor timeouts. Just declarative, composable, sandboxed steps.

Compare that to Jupyter + Llama.cpp + custom Python glue — which I ran for 3 months before hitting import conflicts and zombie process leaks — and Tigrimos feels like switching from a hand-cranked generator to grid power.

Skill Marketplace: Local-Only, Git-Clonable, No npm Registry

The “marketplace” isn’t a web UI full of SaaS-hosted agents. It’s a local ~/.tigrimos/skills/ folder with Git repos. You install skills like this:

tigrimos skill install https://github.com/tigrimos-skills/web-scraper.git
# → clones into ~/.tigrimos/skills/web-scraper/, verifies signature, builds sandbox deps

Each skill is a folder with:

  • skill.yaml (metadata, permissions, sandbox constraints)
  • run.sh or run.py (entrypoint)
  • requirements.txt or Cargo.toml (auto-installed inside the sandbox only)
  • README.md (rendered in UI)

I tested 5 skills: web-scraper, pdf-extractor, git-diff-summarizer, json-validator, and shell-executor. All ran inside the sandbox, with network access explicitly denied by default — unless you add network: true in skill.yaml. That’s a massive win over tools like Continue.dev, where agent plugins run in the main process and can require('fs') your entire home dir.

Why Self-Host This? Who’s It Actually For?

Let’s cut the hype: Tigrimos isn’t for beginners who just want “ChatGPT on localhost”. It’s not for teams needing SSO, audit logs, or Slack integrations (yet — v0.5 roadmap mentions OIDC).

It is for:

  • AI researchers & engineers who need reproducible, sandboxed, multi-step LLM workflows — without spinning up a cluster
  • Security-conscious devs who refuse to pip install unvetted agents with os.system() calls (looking at you, llama-index plugins)
  • Edge AI practitioners deploying on MacBooks in field offices or Windows laptops in air-gapped labs
  • Teachers and students building AI labs where each student gets a clean, isolated Ubuntu environment — no Docker daemon conflicts, no port clashes

Hardware-wise? I ran it comfortably on:

  • M2 Air (8GB RAM): 1.2GB RAM usage idle, peaks at ~2.1GB during parallel agent runs
  • Windows 11 (i7-11800H, 16GB RAM): ~1.8GB RAM, sub-100ms agent spin-up
  • Disk: ~350MB total (binary + rootfs + default skills + 1 LLM)

No GPU required — though if you drop in a cuda-enabled GGUF, it’ll auto-detect and use llama.cpp's CUDA backend. I tested it with llama-3.1-8B-Q6_K.gguf on my RTX 4070 — 28 tokens/sec, 100% GPU utilization, zero host CPU spikes.

The Honest Take: Is It Worth Deploying Now?

Yes — but with caveats.

I’ve run Tigrimos full-time for 17 days. I replaced my ollama + text-generation-webui + custom Python scripts stack. Here’s the raw breakdown:

Pros

  • Sandboxing actually works. I tried rm -rf /, cat /etc/shadow, wget http://10.0.0.1:8000/shell.sh — all failed as expected.
  • Startup time is stupid fast. tigrimos start → UI in ~7s on cold boot.
  • Skill installation is atomic and reversible: tigrimos skill uninstall web-scraper deletes the whole folder, no lingering deps.
  • The team YAML DSL is intuitive and validated — syntax errors show line numbers in the UI.

Rough Edges (v0.4.2, as of 2024-06-12)

  • No web UI for managing teams/skills — it’s CLI-only for now. You can edit YAMLs in the UI’s built-in editor, but no visual DAG builder.
  • LLM swapping requires restarting the daemon (tigrimos stop && tigrimos start). Not a dealbreaker, but annoying during model tuning.
  • Windows path handling is brittle with spaces (e.g., C:\Users\John Doe\project\ fails — works fine with C:\dev\project\). Fixed in main, but not in latest release.
  • No built-in logging dashboard. Logs go to ~/.tigrimos/logs/ and rotate daily — fine for me, but ops teams will want journalctl -u tigrimos.

The GitHub repo is lean (1200 lines of TypeScript in /src, 300 lines in /sandbox) — and the maintainer (Sompote) responds to issues in <12 hours. The project feels maintainable, not abandoned.

So — is it production-ready? For solo devs, researchers, and small AI labs? Yes. For enterprise deployment today? Not yet. But it’s the most promising “local AI OS” I’ve seen in 2024 — and it’s moving fast. At 55 stars, it’s still under the radar. By the time it hits 500, the docs will be polished, the Windows path bugs gone, and there’ll probably be a VS Code extension.

Bottom line? If you’ve been wrestling with Dockerized AI toolchains, drowning in requirements.txt conflicts, or scared to run LLM agents on your laptop — Tigrimos is worth 20 minutes of your time. Download it. Run tigrimos start. Try tigrimos team run hello-world. And breathe.

It’s not perfect — but it’s yours. Sandboxed. Local. Simple.

View on GitHub →