earendil-works/gondolin
A TypeScript-based Linux micro-VM sandbox for safely running AI agent-generated code with programmable network and filesystem policy controls.

Gondolin provides isolated execution environments for AI agents by running their generated code inside local Linux micro-VMs (QEMU or krun backend). A host-side policy layer controls network access and filesystem permissions, and secrets are injected only for allowed destinations. Developers can customize policies in JavaScript and manage sessions, snapshots, and resume states through a CLI.