deepakdgupta1
diff --git a/‎README.md‎
Lines changed: 29 additions & 0 deletions b/‎README.md‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎acfs/onboard/lessons/21_local_desktop.md‎
Lines changed: 190 additions & 0 deletions b/‎acfs/onboard/lessons/21_local_desktop.md‎
Lines changed: 190 additions & 0 deletions
diff --git a/‎install.sh‎
Lines changed: 57 additions & 0 deletions b/‎install.sh‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎scripts/lib/os_detect.sh‎
Lines changed: 24 additions & 0 deletions b/‎scripts/lib/os_detect.sh‎
Lines changed: 24 additions & 0 deletions
@@ -41,6 +41,35 @@ The installer is **idempotent**—if interrupted, simply re-run it. It will auto
 > ```
 > Tagged releases are tested and stable. Setting `ACFS_REF` ensures all fetched scripts use the same version.
 
+### Local Desktop Installation (Sandboxed)
+
+Run ACFS on your personal Ubuntu desktop without modifying your host system:
+
+```bash
+git clone https://github.com/Dicklesworthstone/agentic_coding_flywheel_setup.git
+cd agentic_coding_flywheel_setup
+./install.sh --local --yes
+```
+
+This provisions an **LXD system container** that:
+- Contains all invasive operations (passwordless sudo, SSH config, etc.)
+- Shares a workspace directory at `~/acfs-workspace`
+- Forwards dashboard to `localhost:38080`
+
+**Requirements:**
+- Ubuntu 22.04+ desktop
+- snap installed (default on Ubuntu)
+- ~10GB disk space for container
+
+**Access your ACFS environment:**
+```bash
+acfs-local shell       # Enter sandbox shell
+acfs-local dashboard   # Open dashboard in browser
+acfs-local status      # View container info
+```
+
+> **Why sandbox?** ACFS is designed for fresh VPS instances and intentionally modifies system-level configurations. The sandbox isolates these changes, protecting your personal machine.
+
 ---
 
 ## TL;DR
 
@@ -0,0 +1,190 @@
+# Lesson 21: Local Desktop Mode
+
+**Duration:** 5 minutes
+
+## What You'll Learn
+
+- How local desktop mode works
+- Entering and exiting your ACFS sandbox
+- Managing your workspace
+- Accessing the dashboard
+
+---
+
+## What Is Local Desktop Mode?
+
+Unlike the standard VPS installation, **local desktop mode** runs ACFS inside an isolated LXD container on your Ubuntu PC. This means:
+
+- ✅ Your host system is never modified
+- ✅ Passwordless sudo and agent permissions are safely sandboxed  
+- ✅ You can experiment freely without risk
+- ✅ Easy cleanup: just destroy the container
+
+> **Think of it like:** A virtual machine, but lighter and faster. Your coding environment lives in its own bubble.
+
+---
+
+## Entering Your ACFS Sandbox
+
+After installation, your ACFS environment lives inside a container. To enter it:
+
+```bash
+acfs-local shell
+```
+
+You'll see a prompt like:
+
+```
+ubuntu@acfs-local:~$
+```
+
+This is your sandboxed environment. All your agents and tools are here!
+
+To exit and return to your host:
+
+```bash
+exit
+```
+
+---
+
+## Your Workspace
+
+Your projects are shared between host and container:
+
+| Location | Description |
+|----------|-------------|
+| **Host:** `~/acfs-workspace/` | On your regular desktop |
+| **Container:** `/data/projects/` | Same files, accessible inside sandbox |
+
+Files you create in either location appear in both places instantly.
+
+**Example:**
+
+```bash
+# On host
+touch ~/acfs-workspace/hello.txt
+
+# Inside container
+ls /data/projects/
+# → hello.txt
+```
+
+---
+
+## Useful Commands
+
+| Command | What It Does |
+|---------|--------------|
+| `acfs-local shell` | Enter sandbox shell |
+| `acfs-local status` | Show container state and access info |
+| `acfs-local start` | Start the container |
+| `acfs-local stop` | Stop the container |
+| `acfs-local dashboard` | Open dashboard in browser |
+| `acfs-local doctor` | Run health check inside container |
+| `acfs-local destroy` | Remove container (keeps workspace) |
+
+---
+
+## Accessing the Dashboard
+
+The ACFS dashboard is available at:
+
+```
+http://localhost:38080
+```
+
+Or run:
+
+```bash
+acfs-local dashboard
+```
+
+This automatically opens your browser to the dashboard.
+
+---
+
+## Working with Agents
+
+Once inside the sandbox (`acfs-local shell`), all your agents work normally:
+
+```bash
+# Claude Code (vibe mode)
+cc "Build a hello world API"
+
+# Codex  
+cod
+
+# Gemini
+gmi
+```
+
+Remember: These agents have full permissions **inside the sandbox**, but cannot touch your host system.
+
+---
+
+## Container Lifecycle
+
+Your container persists across reboots! But you can manage it:
+
+**Stopping (saves resources):**
+```bash
+acfs-local stop
+```
+
+**Starting back up:**
+```bash
+acfs-local start
+```
+
+**Complete removal:**
+```bash
+acfs-local destroy
+```
+
+> **Note:** Destroying the container keeps your `~/acfs-workspace` files safe. Only the container environment is removed.
+
+---
+
+## Quick Reference
+
+| Task | Command |
+|------|---------|
+| Enter environment | `acfs-local shell` |
+| Check status | `acfs-local status` |
+| Run agents | Inside shell: `cc`, `cod`, `gmi` |
+| Access projects | Host: `~/acfs-workspace` |
+| View dashboard | `acfs-local dashboard` |
+| Health check | `acfs-local doctor` |
+
+---
+
+## Troubleshooting
+
+**Container won't start?**
+```bash
+lxc list          # Check container state
+lxc info acfs-local    # View detailed info
+```
+
+**Need to reinstall?**
+```bash
+acfs-local destroy --force
+acfs-local create
+```
+
+**Low on disk space?**
+The container uses ~5-10GB. Check with:
+```bash
+df -h ~/snap/lxd/
+```
+
+---
+
+## Next Steps
+
+- Run `acfs-local shell` and try `acfs doctor`
+- Create a project in `~/acfs-workspace`
+- Launch an agent with `cc "describe this project"`
+
+**Congratulations!** You're ready to use ACFS on your desktop safely. 🎉
@@ -26,6 +26,7 @@
 #   --auto-fix-dry-run     Show what auto-fix would do without executing
 #   --skip-ubuntu-upgrade  Skip automatic Ubuntu version upgrade
 #   --target-ubuntu=VER    Set target Ubuntu version (default: 25.10)
+#   --local / --desktop    Run in sandboxed LXD container (for desktop PCs)
 #   --strict          Treat ALL tools as critical (any checksum mismatch aborts)
 #   --list-modules    List available modules and exit
 #   --print-plan      Print execution plan and exit (no installs)
@@ -100,6 +101,10 @@ SKIP_POSTGRES=false
 SKIP_VAULT=false
 SKIP_CLOUD=false
 
+# Local desktop installation mode (LXD sandboxing)
+# When true, ACFS runs inside an LXD container to protect the host
+LOCAL_MODE=false
+
 # Manifest-driven selection options (mjt.5.3)
 LIST_MODULES=false
 PRINT_PLAN_MODE=false
@@ -1002,6 +1007,11 @@ parse_args() {
                 SKIP_CLOUD=true
                 shift
                 ;;
+            --local|--desktop)
+                # Enable local desktop installation mode with LXD sandboxing
+                LOCAL_MODE=true
+                shift
+                ;;
             --resume)
                 export ACFS_FORCE_RESUME=true
                 shift
@@ -5099,6 +5109,53 @@ main() {
         export ACFS_INTERACTIVE=false
     fi
 
+    # Local Desktop Mode: If --local/--desktop was passed and we're NOT already
+    # inside an LXD container, redirect to acfs-local create (sandbox provisioning)
+    if [[ "$LOCAL_MODE" == "true" ]]; then
+        # Source os_detect to get is_lxd_container function
+        local lib_dir
+        if [[ -n "${SCRIPT_DIR:-}" ]]; then
+            lib_dir="$SCRIPT_DIR/scripts/lib"
+        else
+            # Fallback: attempt to find the lib directory relative to this script
+            lib_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/lib"
+        fi
+
+        if [[ -f "$lib_dir/os_detect.sh" ]]; then
+            # shellcheck source=scripts/lib/os_detect.sh
+            source "$lib_dir/os_detect.sh"
+        fi
+
+        # Check if we're inside an LXD container
+        if declare -f is_lxd_container &>/dev/null && ! is_lxd_container; then
+            # We're on the host - redirect to acfs-local container management
+            local local_script
+            if [[ -n "${SCRIPT_DIR:-}" ]]; then
+                local_script="$SCRIPT_DIR/scripts/local/acfs_container.sh"
+            else
+                local_script="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/local/acfs_container.sh"
+            fi
+
+            if [[ -x "$local_script" ]]; then
+                echo ""
+                echo "╔══════════════════════════════════════════════════════════════╗"
+                echo "║           ACFS Local Desktop Mode Detected                   ║"
+                echo "╠══════════════════════════════════════════════════════════════╣"
+                echo "║  Redirecting to sandboxed installation...                    ║"
+                echo "║  Your host system will NOT be modified.                      ║"
+                echo "╚══════════════════════════════════════════════════════════════╝"
+                echo ""
+                exec "$local_script" create
+            else
+                log_error "Local desktop mode requires scripts/local/acfs_container.sh"
+                log_error "Please clone the full ACFS repository first."
+                exit 1
+            fi
+        fi
+        # If we're already inside a container, continue normal installation
+        log_detail "Inside LXD container - proceeding with normal installation"
+    fi
+
     # Handle --pin-ref early (before any heavy setup) - just resolve SHA and exit
     if [[ "$PIN_REF_MODE" == "true" ]]; then
         fetch_commit_sha
 
@@ -136,3 +136,27 @@ is_docker() {
     fi
     return 1
 }
+
+# Check if running inside LXD/LXC container (ACFS local desktop mode)
+# Used to detect when we're inside the ACFS sandbox
+is_lxd_container() {
+    # LXD sets container environment variable
+    if [[ "${container:-}" == "lxc" ]]; then
+        return 0
+    fi
+    # Fallback: check for LXD-specific cgroup markers
+    if grep -q lxc /proc/1/cgroup 2>/dev/null; then
+        return 0
+    fi
+    # Fallback: check for container-specific boot marker
+    if [[ -f /dev/.lxc-boot-id ]]; then
+        return 0
+    fi
+    return 1
+}
+
+# Check if running in any container (Docker, LXD, etc.)
+is_container() {
+    is_docker || is_lxd_container
+}
+