What makes it different

Serious isolation, everyday desktop.

The strongest way to keep one part of your digital life from contaminating another is to put each in its own compartment. That idea isn't new — qdistro's contribution is making it feel like a normal computer, letting it live on top of the system you already run, and building the whole thing so an AI assistant can safely help you change it.

01 — Friendly

Security you don't have to think about

Most isolation-first systems ask you to become a security administrator. qdistro takes the opposite stance: the protection is strong underneath, and ordinary on the surface.

One person, one fingerprint

No multi-user login screens, no Wi-Fi or Bluetooth pickers to misconfigure. There's one owner of the machine, and the day-to-day surfaces stay quiet and simple.

Every window, one desktop

Apps in containers and virtual machines don't open a separate world — their windows sit right alongside everything else, colour-coded by which compartment they belong to.

It asks only when it matters

Copying a password between compartments or letting an app reach your camera prompts you once, clearly. The rest of the time it simply gets out of the way.

The design goal is written down plainly: keep the everyday cognitive load low, and reserve the friction for the moments that genuinely deserve it. See the threat model and approval flow.

02 — Contained

Strong enough for the bugs that matter

A few years ago a flaw turned up deep in the Linux kernel that let ordinary, unprivileged software quietly overwrite files it should only have been able to read — by tampering with the copies the system keeps cached in memory. On a normal desktop, that's game over: one bad program can reach everything.

Systems that put each workload in its own virtual machine — the approach Qubes made famous — were largely unbothered. A kernel compromise inside one virtual machine stays inside that virtual machine; it never reaches the rest of your data. qdistro offers the same containment at its virtual-machine tiers: run anything you genuinely don't trust there, and even a kernel-level break stays boxed in.

We're honest about the trade: that hardest guarantee comes from the VM tiers, not the lighter ones. qdistro lets you choose the level of containment per app, so the riskiest things get the strongest walls and everything else stays fast and seamless. The full reasoning is in the threat model.

03 — Agent-ready

A distribution you tune like your editor

Power users don't accept their text editor as-shipped — they reshape it until it fits, plugin by plugin, config by config. qdistro brings that same feeling to the whole operating system. It's designed from the ground up to be modified — by you, and by the AI agents helping you — and that isn't a slogan; it's baked into concrete engineering rules.

Readable
It's all source, all the time
The desktop, the apps, the session manager, the policy — plain Python and QML you edit and reload live. No compile step, no opaque binaries to reverse-engineer.
Minimal C
Compiled code only where it must be
The few performance- and security-critical pieces (the compositor, low-level glue) are commodity C. Everything an assistant is likely to touch is high-level, modifiable script.
Pluggable
A plugin point for nearly everything
Apps, the shell, and the send-to flows all take drop-in plugins — discovered straight from the filesystem, so adding a capability is a file you can list with ls, not a packaging ritual.
Tested
Change it with confidence
Strong, mandatory testing — fast headless unit tests, full-stack runs inside a real virtual machine, even coverage checks that every shortcut and every dialog is wired up and machine-readable. An agent can verify its own work.
Oriented
Every repo explains itself
Each component ships an AGENTS.md — a short brief an assistant reads first: what this is, how to build and test it, and which unusual decisions to respect.

The rationale lives in the project's own overview and contributor rules — the same documents the AI agents read. If an assistant can't confidently change a file from its source alone, it doesn't belong in that file's language.

The short version

Take the compartmentalized-security idea that the most serious systems use, make it feel like an ordinary desktop, let it run on top of the distribution you already have — or inside a VM — and build every layer so that you and an AI assistant can keep shaping it, the way you'd tune your editor.

Try the preview Read the source