2/22/2026 at 6:50:14 PM
by harshdoesdev
2/23/2026 at 6:21:08 AM
The value here isn't 'local VMs'. it's that the defaults are inverted. Everything else defaults to persistent and networked. This defaults to ephemeral and isolated. Small shift, but matters when you don't trust the code that's about to run.by srinath693
2/22/2026 at 10:30:16 PM
I will steal this to make a local-first version of https://microterm.dev for macOS :)My idea is to have unified environment across all targets, so the only thing that changes is speed and amount of RAM.
by Xlab
2/23/2026 at 8:38:34 AM
How is this running the vm/container? Cloud or something like container2wasm?Kinda cool I’m on my phone, on an alpine terminal, and genuinely need to ask if it’s running in the browser.
by scosman
2/23/2026 at 1:54:34 PM
checked from desktop: WASM container!by scosman
2/23/2026 at 4:18:00 AM
iOS Safari stuck in a redirect loop (loading... indicator reaches 90% then hard refresh, repeat till error message)by chrisweekly
2/23/2026 at 4:59:37 AM
On on iPhone 13 Pro with iOS Safari 26.3, loading fine.by todotask2
2/23/2026 at 8:07:51 PM
Mine's also a 13pro, iOS 18.7.3's Safari, still getting same error "A problem occurred repeatedly on microterm.dev"by chrisweekly
2/22/2026 at 10:34:34 PM
cool, would love to see it!by harshdoesdev
2/22/2026 at 8:24:09 PM
What does local first mean in this context? Does it just mean local? Like, the software runs locally?by josephg
2/22/2026 at 8:29:05 PM
yeah, it just means everything runs on your machine. there are services like E2B, sprites.dev and others that give you sandboxes in the cloud. shuru runs VMs locally using Apple's Virtualization.framework, so nothing leaves your Mac.by harshdoesdev
2/23/2026 at 6:17:28 AM
Seems it only support macOS so for practical purpouses it's local-only.by fulafel
2/22/2026 at 10:12:02 PM
Unfortunately yes. It's just another stupid marketing buzzword these days.by userbinator
2/22/2026 at 10:28:36 PM
it's the other way around, everything is in the cloud now (upload your files to us, we are privacy respecting, bla bla)So it's good that the product actually highlights it is dealing with local hardware only.
by Xlab
2/23/2026 at 2:03:02 AM
Yes, but we have a perfectly serviceable term for local software already: "local software".To me, "local-first software" means something slightly different. The term was coined by this essay[1], which says:
> Local-first ideals include the ability to work offline and collaborate across multiple devices
> This means that while local-first apps keep their data in local storage on each device, it is also necessary for that data to be synchronized across all of the devices on which a user does their work.
But this is clearly not what's going on here. This project is just local software, like we've had forever.
If a fancy new "local first" buzzword makes local-only software seem more sexy, then I suppose I don't want to get too mad about it. I really like local software. But the autist in me likes it when technical terms have a well defined meaning.
by josephg
2/23/2026 at 7:56:14 AM
"Local First" implies that something is second.by allthetime
2/23/2026 at 8:14:44 PM
To me it implies it is designed to be used local, instead of an afterthought feature.by winstonwinston
2/22/2026 at 11:37:29 PM
I don't expect "Linux MicroVMs for macOS" to have anything to do with clouds.by userbinator
2/22/2026 at 8:12:29 PM
The agent stack is splitting into specialized layers and sandboxing is clearly becoming its own thing. Shuru, E2B, Modal, Firecracker wrappers.Earlier this month I wrote about how these layers have very different defensibility profiles and why going monolithic is the wrong call: https://philippdubach.com/posts/dont-go-monolithic-the-agent...
EDIT: Spelling
by 7777777phil
2/23/2026 at 3:16:04 AM
It's a good article and seems to mirror my experience doing partial-AI software development. If you are not saving your context for decision making and your conclusions in software architecture (as made between developers and AI) you are losing very valuable context information on software design. Although I'm not sure the article ties closely to the topic of micro VMs.by camkego
2/22/2026 at 10:59:31 PM
How does this compare to Apple container[1]?I am excited by the innovation happening in the space!
by runako
2/22/2026 at 11:03:56 PM
apple container is more of a docker-style workflow, OCI images, registries, etc. shuru is just micro VMs with checkpointing, much simpler scope.by harshdoesdev
2/22/2026 at 11:22:48 PM
Has anyone tackled this for Windows? WSL isn’t ideal when shipping a consumer app to a non-developer target audience since it requires some setup.by jclay
2/23/2026 at 8:32:19 AM
This looks amazing. I’ve been wanting virtualization.framework micro VMs for months! Docker is fine, but the overhead isn’t ideal.I like the defaults (ephemeral, network off). Any thoughts on adding host-mapped directories?
I have a MCP server for ephemeral sandboxes that supports various backends (Docker, E2B, Modal, even WASM). I’ll look at adding this. https://github.com/Kiln-AI/Kilntainers
by scosman
2/22/2026 at 7:59:33 PM
What is the benefit of this over lima, for example?by xrd
2/22/2026 at 8:06:38 PM
Lima can do a lot of what shuru does if you set it up for it. the difference is mostly in defaults and how much you have to configure upfront. with shuru you get ephemeral VMs, no networking, and a clean rootfs on every run without touching a config file. shuru run and you're in. Checkpoints and branching are built into the CLI rather than being an experimental feature you have to figure out. Lima is a much bigger and more mature project though. Shuru is something I am building partly to learn and partly because I wanted something with saner defaults for this specific use case.by harshdoesdev
2/22/2026 at 9:24:29 PM
Thanks for doing this. I had basically the same experience with Lima. It is very nice but the defaults are not what I want, and I don't like having to wonder whether I turned off the stuff that I don't want enabled. Better that everything is disabled by default and I selectively turn things on (like networking) as I need them.I'm gonna give shuru a try. My main concern is being based on Alpine (seemingly the only option?) I may not be able to easily pull in the dependencies for the projects I'm working on, but I'll see how it goes.
by enneff
2/22/2026 at 9:38:08 PM
glad to hear it, that's exactly the thinking behind it. alpine is the only option right now yeah. what kind of dependencies are you running into issues with? would help me figure out what to prioritize next.by harshdoesdev
2/22/2026 at 10:10:39 PM
I haven't yet - just generally I have found it a bit of a hassle to figure out which packages to install whenever I use a different distro. I'll let you know how it goes!by enneff
2/22/2026 at 11:08:53 PM
Disclaimer: I haven't tried this yet.I would want the equivalent of the trixie-slim Docker image (Debian 13, no documentation). It's ~46 Mb instead of ~4Mb as a Docker image, but gives a reasonably familiar interface.
(This is largely based on some odd experiences with Elixir on Alpine, which is where I am doing most of my work these days.)
by halostatue
2/22/2026 at 10:58:00 PM
Very cool. Was looking for something like this for a new project of mine. (I'm working on a project that is like a marriage of retool+OpenClaw. It's used by SME to quickly build inhouse apps)by BrandiATMuhkuh
2/23/2026 at 10:02:36 AM
Shuru looks cool! I've been working on something with a similar vibe, for Linux hosts first; MicroVMs, default offline, etc. Not ready to release, but I'm starting to dogfood it.by Cyphase
2/22/2026 at 11:10:37 PM
How does it compare to Lume. It uses Apple's native Virtualization Framework to run macOS and Linux VMs at near-native speed on Apple Silicon.by praveenhm
2/22/2026 at 11:16:14 PM
lume is a much more full featured VM manager, macOS and Linux VMs, API server, prebuilt images, python SDK etc. shuru is intentionally minimal.by harshdoesdev
2/23/2026 at 6:10:25 AM
Let's not call this local-first please. Especially since there is no wherever- else-second. The term first makes no sense here.by steve1977
2/23/2026 at 5:36:13 AM
How are we going for gpu acceleration in Linux VMs on MacOS?by apatheticonion
2/23/2026 at 7:42:48 AM
AFAIK that's not possible at the moment. Apple limits the full GPU acceleration for macOS guests.by alexellisuk
2/22/2026 at 9:09:02 PM
I've noticed claude forks parallel agents on an assigned task. How would they communicate in isolated sandboxes like these? Would it be cleaner and more effective for a harness to orchestrate swarms of agents in a single clean linux environment like OrbStack?by rishabhaiover
2/22/2026 at 9:19:56 PM
haven't thought about multi-agent communication yet. each sandbox is fully isolated which is the point. checkpoints help a bit here though, you can branch multiple agents from the same checkpoint so they all start from the same state.by harshdoesdev
2/22/2026 at 9:29:07 PM
I think I made a cursory and incorrect assumption. Given this is backed by Apple's Virtualization, it has POSIX compliance and forks/execs are allowed within the sandbox which can support agent parallelization within a sandbox I believe.Looks like a great project at surface!
by rishabhaiover
2/23/2026 at 4:16:43 AM
man this is cool. this is what i want since i read about fly.io's sprites.slightly related to this, and i'm not familiar with linux sandboxing/containerization in depth, but any similar turn key solution for linux desktop/server? ideally i have something like sprites/shuru but on my own linux/ubuntu server instead of in the cloud.
by raihansaputra
2/23/2026 at 3:57:10 PM
Same, I really want to use sprites (for me and my whole team) but every time I try to set up, I run into weird issues. Last time I got in some state where trying to launch Claude froze the whole VM every time.by servercobra
2/23/2026 at 7:43:53 AM
We built SlicerVM for this in 2022, but not just for sandboxing. It's for servers + API launched VMs (i.e. what we now like to call a 'sandbox'). Feel free to take a look, a lot of our early users are saying things like this.by alexellisuk
2/23/2026 at 6:09:52 AM
glad you liked it! I am currently exploring options for Linux support. will share an update soon.by harshdoesdev
2/22/2026 at 11:45:07 PM
This looks awesome. How would you recommend setting up an allowlist for external network communications (for cases where networking is enabled)?by JSR_FDED
2/22/2026 at 8:34:04 PM
Why was using straigt containers not enough?by Krisso
2/22/2026 at 8:40:09 PM
containers work fine for a lot of this. shuru is just what felt more natural to me. less config overhead and i wanted to learn by building it.by harshdoesdev
2/23/2026 at 1:33:43 AM
What would you say are a natural use case for Shuru or Lima vs say a full docker like environment? What does the sandbox allow you to do differently? There's additional overhead of the hypervisor. I'm mostly just trying to learn, as yourself.by wickrom
2/23/2026 at 3:20:19 AM
installing new tools inside container requires you to update the Dockerfile and rebuild, here it seems you can simply run the installation command and create a checkpointby nsonha
2/23/2026 at 6:22:22 AM
You can do this with Docker too without Dockerfile or rebuilding. You can treat the container as mutable and just start/stop it, doing changes manually, and make snapshots with docker commit.You'll forfeit the benefits of reproducible scripted environment of course but Docker does let you do it.
by fulafel
2/23/2026 at 11:47:02 AM
macos also has a native sandbox-exec that can be used to isolate processes with a policy you like.by user3939382
2/23/2026 at 3:10:43 PM
Wow I never knew this existed. Thanks for pointing this out!by sedawkgrep
2/23/2026 at 5:25:44 PM
Thread from yesterday https://news.ycombinator.com/item?id=47101200by abhikul0
2/23/2026 at 8:59:23 PM
Wow I don't know how I missed that...by sedawkgrep
2/22/2026 at 9:34:26 PM
Neat! I was looking for something like thisby tobyhinloopen
2/22/2026 at 9:36:48 PM
thanks! let me know how it goesby harshdoesdev
2/23/2026 at 5:21:53 AM
this is awesome!!by akashkahlon
2/22/2026 at 11:04:17 PM
[dead]by janlucien
2/22/2026 at 9:47:02 PM
[dead]by okayokay123
2/22/2026 at 8:46:41 PM
Use OrbStack. It’s faster than Virtualization.framework because it has its own hypervisor.by conradev
2/22/2026 at 8:51:54 PM
Not true, OrbStack uses Virtualization.framework: https://news.ycombinator.com/item?id=36189550by noname120
2/23/2026 at 1:27:16 AM
I don't think they use Virtualization for most launches nowby saagarjha
2/23/2026 at 3:15:26 AM
Yes but they also use a custom linux kernel to achieve better performance than plain vz. I'm not technical enough to tell if it's bs, but it boots subsecondby nsonha
2/22/2026 at 8:50:35 PM
OrbStack is great but it is solving a different problem. it's a full Docker Desktop replacement. shuru is just a thin layer over Virtualization.framework for spinning up throwaway sandboxes.by harshdoesdev
2/22/2026 at 9:36:08 PM
OrbStack has some invasive elements inside it trying to provide filesystem integration, and the filesystem they use is not POSIX compliant and causes breakage with some build systems and other software.by JoshTriplett