Hero

Local-First Sandboxes
for AI Agents on macOS.

Lightweight Linux VMs powered by Apple Virtualization.framework. Ephemeral by default. No Docker required.

GET STARTED GITHUB

Features

Fast, Ephemeral, Stateful.
Infrastructure for AI Agents.

01

Ephemeral by Default

Every run starts from a clean rootfs. Install anything, break anything. Nothing persists unless you save it.

02

Checkpoints

Save disk state as named snapshots. Restore, branch, and iterate. Like git commits for your environment.

03

Apple Silicon Native

Built on Virtualization.framework. No emulation layer, no Docker dependency. Near-native speed on ARM64.

grid: 3 cols

CLI

Simple CLI.
Run, checkpoint, restore.

feature

Ephemeral runs

Boot a fresh VM with a single command. Changes vanish on exit.

Opt-in networking

Sandboxes are offline by default. Enable networking with one flag.

Configurable resources

Set CPUs, memory, and disk size per run or in a config file.

Directory mounts

Share host directories into the VM. Writes stay in a tmpfs overlay.

Checkpoint & restore

Save environments as snapshots. Branch and reuse across runs.

Port forwarding

Expose guest ports to the host. Works without network access.

terminal

$ shuru run -- echo "hello from the sandbox"

hello from the sandbox

$ shuru run -- cat /etc/os-release | head -1

NAME="Debian GNU/Linux"

# VM boots, runs, and tears down — nothing persists.

$ shuru run -- curl https://example.com

curl: (6) Could not resolve host: example.com

$ shuru run --allow-net -- curl -s https://example.com | head -1

<!doctype html>

# Sandboxes are offline by default. All traffic goes through a proxy.

$ shuru run --cpus 4 --memory 4096 -- free -m | head -2

total used free

Mem: 4096 38 4002

$ shuru run --disk-size 2048 -- df -h /

Filesystem Size Used Avail Use% Mounted on

/dev/vda 2.0G 18M 1.9G 1% /

$ shuru run --mount ./src:/workspace -- ls /workspace

main.py utils.py tests/

$ shuru run --mount ./src:/workspace -- sh -c 'echo "new" > /workspace/tmp && cat /workspace/tmp'

new

# Host directory is untouched. Guest writes live in a tmpfs overlay.

$ shuru checkpoint create myenv --allow-net -- sh -c 'apt-get install -y nodejs npm'

shuru: checkpoint 'myenv' saved

$ shuru run --from myenv -- node -e 'console.log("ready")'

ready

# Restore any checkpoint instantly. Branch and reuse.

$ shuru checkpoint create py --allow-net -- apt-get install -y python3

shuru: checkpoint 'py' saved

$ shuru run --from py -p 8080:8000 -- python3 -m http.server 8000

shuru: forwarding 127.0.0.1:8080 -> guest:8000

$ curl http://127.0.0.1:8080/

<!DOCTYPE HTML>...

# No --allow-net needed. Tunneled over vsock.

Use Cases

Built for Agents.
Safe execution for any workload.

01

Code Execution

Run AI-generated code in isolated VMs with real-time output.

02

Tool Use

Let agents install packages, compile code, and use system tools safely.

03

Evaluations

Spin up parallel sandboxes for reproducible evals across environments.

04

Development

Disposable Linux environments for testing, debugging, and prototyping.

Config

Configure per project.
One file, full control.

Define allowed domains, secrets, and resources in a single shuru.json file.

config

Secret injection

API key stays on host. Guest gets a placeholder token.

Domain allowlist

Lock down which domains the agent can reach.

Multi-provider

Multiple API keys for different services.

Full config

Resources, mounts, secrets, and network together.

shuru.json

{

"secrets": {

"API_KEY": {

"from": "OPENAI_API_KEY",

"hosts": ["api.openai.com"]

}

},

"network": {

"allow": ["api.openai.com"]

}

{

"network": {

"allow": [

"registry.npmjs.org",

"github.com",

"*.githubusercontent.com"

]

}

{

"secrets": {

"OPENAI_KEY": {

"from": "OPENAI_API_KEY",

"hosts": ["api.openai.com"]

},

"ANTHROPIC_KEY": {

"from": "ANTHROPIC_API_KEY",

"hosts": ["api.anthropic.com"]

}

},

"network": {

"allow": ["api.openai.com", "api.anthropic.com"]

}

{

"cpus": 4,

"memory": 4096,

"mounts": ["./src:/workspace"],

"secrets": {

"API_KEY": {

"from": "OPENAI_API_KEY",

"hosts": ["api.openai.com"]

}

},

"network": {

"allow": ["api.openai.com"]

}

Skill

Works with your agent.
Install once, sandbox everything.

Shuru ships as an agent skill. Once installed, AI agents automatically use shuru run whenever they need sandboxed execution — no prompting required.

Install with one command

Works across Claude Code, Cursor, Copilot, and more.

terminal

$ npx skills add superhq-ai/shuru

Works with Claude Code Cursor GitHub Copilot Gemini CLI OpenAI Codex + more

Install

Get started in seconds.

One command to install. One command to run.

Homebrew Script

# Install

$ brew tap superhq-ai/tap && brew install shuru

# Run your first sandbox

$ shuru run

# Install

$ curl -fsSL https://shuru.run/install.sh | sh

# Run your first sandbox

$ shuru run

Local-First Sandboxes for AI Agents on macOS.

Fast, Ephemeral, Stateful. Infrastructure for AI Agents.

Ephemeral by Default

Checkpoints

Apple Silicon Native

Simple CLI. Run, checkpoint, restore.

Ephemeral runs

Opt-in networking

Configurable resources

Directory mounts

Checkpoint & restore

Port forwarding

Built for Agents. Safe execution for any workload.

Code Execution

Tool Use

Evaluations

Development

Configure per project. One file, full control.

Secret injection

Domain allowlist

Multi-provider

Full config

Works with your agent. Install once, sandbox everything.

Install with one command

Get started in seconds.

Local-First Sandboxes
for AI Agents on macOS.

Fast, Ephemeral, Stateful.
Infrastructure for AI Agents.

Simple CLI.
Run, checkpoint, restore.

Built for Agents.
Safe execution for any workload.

Configure per project.
One file, full control.

Works with your agent.
Install once, sandbox everything.