Scion: The Hypervisor for AI Agents

The Problem

Multiple agents, one codebase, zero isolation

Running parallel AI agents on the same repo causes merge conflicts, credential leakage, context contamination, and no observability.

40% of agentic projects at risk by 2027

What Is Scion

Manager-Worker orchestration for deep agents

The scion CLI manages agent lifecycles across a Grove (project workspace). Each agent runs in its own container with a dedicated git worktree, credentials, and home directory. Agents dynamically learn the CLI tool and decide coordination themselves via natural language. Open-sourced by Google Cloud, April 2026.

Gemini CLI Claude Code Codex OpenCode

Mental Model

VMware but for AI agents

Each agent gets its own machine (container), its own disk (worktree), its own identity (credentials). The hypervisor manages lifecycle, not the agent's decisions.

Experimental testbed

Grove

Project namespace

1:1 with a git repo. UUID v5 from normalized git URL. Contains .scion/ config. Where agents live and collaborate.

Template

Agent blueprint

System prompt + skills + config. Define roles like "Security Auditor" or "QA Tester". Layered: harness base, template overlay, profile overrides.

Harness

LLM tool adapter

Adapts Gemini CLI, Claude Code, Codex, or OpenCode into Scion. Handles provisioning and execution inside OCI containers.

Runtime

Container backend

Docker, Podman, Apple Container, or Kubernetes. Local or remote via Runtime Broker. Multi-machine via Hub control plane.

Architecture

Manager-Worker with dynamic agent graph

Three-Layer Isolation

"Isolation Over Constraints" — agents run unrestricted inside, guardrailed outside

Layer 1: OCI Container
Filesystem, process, and network isolation. Docker, Podman, Apple Container, or Kubernetes pod.

Layer 2: Git Worktree
Dedicated branch at ../.scion_worktrees/<grove>/<agent>. Mounted as /workspace. Same repo history, independent working directory.

Layer 3: Credentials + Shadow Mounts
Separate home dirs. tmpfs shadow mounts block access to .scion/ and other agents. Secrets mounted read-only or via env vars.

90% fewer security incidents No merge conflicts

Agent Lifecycle

Phase + Activity + Detail

Created> Provision> Clone> Running> Stopped

Activity states while running: idle, thinking, executing, waiting, blocked, completed

CLI: start, attach, message, logs, resume, sync, delete

Landscape Comparison

Where Scion fits among multi-agent tools

Tool	Architecture	Isolation	Multi-Agent	Harness-Agnostic
Scion	Manager-Worker hypervisor	Container + worktree	Yes, parallel	4 harnesses
OpenHands	Event-stream delegation	Docker sandbox	Delegation model	Model-agnostic
CrewAI	Role-based DSL	Process-level	Sequential + parallel	Via LiteLLM
LangGraph	State machine / graph	Cloud sandboxes	Graph-based	Model-agnostic
Aider	Single-agent pair	None	Single agent	Multi-model

Multi-Agent Anti-Patterns

What breaks without orchestration

"Bag of Agents" — flat topology, every agent talks to every other. No hierarchy, no gatekeeper.
Hallucination loops — agents validate each other's mistakes instead of correcting them.
Context exhaustion — in 5-agent chains, context is blown by agent 3. Downstream agents get truncated input.
Git merge conflicts — parallel agents modify shared files: routes, configs, types, schemas.
Cascade failures — one agent's bad output propagates through the entire chain unchecked.

Five Design Principles

Scion's philosophy for agent orchestration

Less is More — Hypervisor, not full stack. Memory, chatrooms, task management integrate as orthogonal concerns.
Isolation Over Constraints — Agents run in --yolo mode. Guardrailed outside via containers and network policy.
Interaction is Imperative — Humans attach/detach. Agents message each other "as users". Collaboration by design.
Diversity = Quality — Mix model vendors, sizes, harnesses, and system prompts. Ecosystem of strengths.
Dynamic Lifecycles — Agent graph evolves at runtime. Ephemeral agents spin up and down. Not predetermined.

Scion: The Hypervisorfor AI Agents

Scion: The Hypervisor
for AI Agents