The next goal is not “let the LLM run the computer.”
That would be the wrong next step.
The right next step is controlled autonomy in a sandbox.
The safe next milestone
A good next milestone would look like this:
LLM receives a goal
Agentix creates a temporary worktree or VM fixture
LLM runs Agentix commands there
Agentix proposes and verifies a patch
Agentix returns the result
Human reviews and activates
This keeps the live system safe while allowing more agentic behavior.
Why sandbox first
A disposable environment gives the agent room to act without risking the host system.
The agent can inspect, patch, verify, and even fail. Failure is acceptable if it happens in a temporary workspace and produces useful output.
The live machine should remain protected by the same rule:
Agentix may prepare the system.
The human activates the system.
Possible next features
Possible post-MVP features include:
- temporary worktree execution
- VM-backed agent runs
- stronger command allowlists
- model/provider integration
- signed or tamper-resistant audit logs
- sanitized public export workflow
- Home Manager support
- richer goal parsing
- pull-request generation
What “agentic” should mean
Agentic does not have to mean reckless. A useful agent can be constrained, observable, and reversible.
For infrastructure, that is not a limitation. It is the point.
The vision for Agentic NixOS is not an AI that secretly changes your machine. It is an agent that prepares a reviewed, verified, reproducible change and stops at the boundary where human judgment matters.
That is how autonomy should arrive: gradually, visibly, and safely.