omrimaya
The design decision I find most interesting here is ephemeral-by-default with opt-in checkpointing; that inversion of the usual "persist everything, clean up manually" model fits agent code execution well. Most sandboxing approaches I've seen treat isolation as the hard problem, but state leakage across runs is the subtler foot-gun when you're executing LLM-generated code repeatedly.
One thing I ran into building agent infrastructure: the boundary between "sandbox that runs code" and "agent that decides what code to run" wants to be a clean HTTP interface, not a library call. Makes it easier to audit what crossed the boundary. Does Shuru expose any hook for streaming stdout back to the caller during execution, or is it strictly "wait for exit, get result"?
srinath693
The value here isn't 'local VMs', it's that the defaults are inverted. Everything else defaults to persistent and networked. This defaults to ephemeral and isolated. Small shift, but matters when you don't trust the code that's about to run.
Xlab
I will steal this to make a local-first version of https://microterm.dev for macOS :)
My idea is to have a unified environment across all targets, so the only thing that changes is speed and amount of RAM.
scosman
How is this running the vm/container? Cloud or something like container2wasm?
Kinda cool. I'm on my phone, on an Alpine terminal, and genuinely need to ask if it's running in the browser.
scosman
checked from desktop: WASM container!
chrisweekly
iOS Safari stuck in a redirect loop (loading... indicator reaches 90% then hard refresh, repeat till error message)
todotask2
On an iPhone 13 Pro with iOS Safari 26.3, loading fine.
chrisweekly
Mine's also a 13 Pro, iOS 18.7.3's Safari, still getting the same error: "A problem occurred repeatedly on microterm.dev"
harshdoesdev
cool, would love to see it!
josephg
What does local first mean in this context? Does it just mean local? Like, the software runs locally?
harshdoesdev
yeah, it just means everything runs on your machine. there are services like E2B, sprites.dev and others that give you sandboxes in the cloud. shuru runs VMs locally using Apple's Virtualization.framework, so nothing leaves your Mac.
fulafel
Seems it only supports macOS, so for practical purposes it's local-only.
userbinator
Unfortunately yes. It's just another stupid marketing buzzword these days.
Xlab
it's the other way around, everything is in the cloud now (upload your files to us, we are privacy respecting, bla bla)
So it's good that the product actually highlights it is dealing with local hardware only.
josephg
Yes, but we have a perfectly serviceable term for local software already: "local software".
To me, "local-first software" means something slightly different. The term was coined by this essay[1], which says:
> Local-first ideals include the ability to work offline and collaborate across multiple devices
> This means that while local-first apps keep their data in local storage on each device, it is also necessary for that data to be synchronized across all of the devices on which a user does their work.
But this is clearly not what's going on here. This project is just local software, like we've had forever.
If a fancy new "local first" buzzword makes local-only software seem more sexy, then I suppose I don't want to get too mad about it. I really like local software. But the autist in me likes it when technical terms have a well defined meaning.
userbinator
I don't expect "Linux MicroVMs for macOS" to have anything to do with clouds.
allthetime
"Local First" implies that something is second.
7777777phil
The agent stack is splitting into specialized layers and sandboxing is clearly becoming its own thing. Shuru, E2B, Modal, Firecracker wrappers.
Earlier this month I wrote about how these layers have very different defensibility profiles and why going monolithic is the wrong call: https://philippdubach.com/posts/dont-go-monolithic-the-agent...
EDIT: Spelling
camkego
It's a good article and seems to mirror my experience doing partial-AI software development. If you are not saving your context for decision making and your conclusions in software architecture (as made between developers and AI) you are losing very valuable context information on software design. Although I'm not sure the article ties closely to the topic of micro VMs.
runako
How does this compare to Apple container[1]?
I am excited by the innovation happening in the space!
harshdoesdev
apple container is more of a docker-style workflow, OCI images, registries, etc. shuru is just micro VMs with checkpointing, much simpler scope.
jclay
Has anyone tackled this for Windows? WSL isn’t ideal when shipping a consumer app to a non-developer target audience since it requires some setup.
xrd
What is the benefit of this over lima, for example?
harshdoesdev
Lima can do a lot of what shuru does if you set it up for it. the difference is mostly in defaults and how much you have to configure upfront. with shuru you get ephemeral VMs, no networking, and a clean rootfs on every run without touching a config file. shuru run and you're in. Checkpoints and branching are built into the CLI rather than being an experimental feature you have to figure out. Lima is a much bigger and more mature project though. Shuru is something I am building partly to learn and partly because I wanted something with saner defaults for this specific use case.
enneff
Thanks for doing this. I had basically the same experience with Lima. It is very nice but the defaults are not what I want, and I don't like having to wonder whether I turned off the stuff that I don't want enabled. Better that everything is disabled by default and I selectively turn things on (like networking) as I need them.
I'm gonna give shuru a try. My main concern is that, being based on Alpine (seemingly the only option?), I may not be able to easily pull in the dependencies for the projects I'm working on, but I'll see how it goes.
harshdoesdev
glad to hear it, that's exactly the thinking behind it. alpine is the only option right now yeah. what kind of dependencies are you running into issues with? would help me figure out what to prioritize next.
BrandiATMuhkuh
Very cool. Was looking for something like this for a new project of mine. (I'm working on a project that is like a marriage of retool+OpenClaw. It's used by SME to quickly build inhouse apps)
scosman
This looks amazing. I've been wanting Virtualization.framework micro VMs for months! Docker is fine, but the overhead isn't ideal.
I like the defaults (ephemeral, network off). Any thoughts on adding host-mapped directories?
I have an MCP server for ephemeral sandboxes that supports various backends (Docker, E2B, Modal, even WASM). I'll look at adding this. https://github.com/Kiln-AI/Kilntainers
praveenhm
How does it compare to Lume? It uses Apple's native Virtualization Framework to run macOS and Linux VMs at near-native speed on Apple Silicon.
harshdoesdev
lume is a much more full featured VM manager, macOS and Linux VMs, API server, prebuilt images, python SDK etc. shuru is intentionally minimal.
rishabhaiover
I've noticed Claude forks parallel agents on an assigned task. How would they communicate in isolated sandboxes like these? Would it be cleaner and more effective for a harness to orchestrate swarms of agents in a single clean Linux environment like OrbStack?
harshdoesdev
haven't thought about multi-agent communication yet. each sandbox is fully isolated which is the point. checkpoints help a bit here though, you can branch multiple agents from the same checkpoint so they all start from the same state.
rishabhaiover
I think I made a cursory and incorrect assumption. Given this is backed by Apple's Virtualization, it has POSIX compliance and forks/execs are allowed within the sandbox which can support agent parallelization within a sandbox I believe.
Looks like a great project at surface!
Shuru is a lightweight sandbox that spins up Linux VMs on macOS using Apple's Virtualization.framework. Boots in about a second on Apple Silicon, and everything is ephemeral by default. There's a checkpoint system for when you do want to persist state, and sandboxes run without network access unless you explicitly allow it. Single Rust binary, no dependencies. Built it for sandboxing AI agent code execution, but it works well for anything where you need a disposable Linux environment.