What exactly is a microVM?
I am a bit confused how I would use this (maybe because I may not be your target audience?).
For example, if I am coding with Kilocode and PhpStorm, how would I use these microVMs, and what is the Cloudflare worker for? I currently run a regular set of Docker containers to run my code; how does this compare?
Co-builder on this project,
To answer your questions :)
- How would I use these microVMs and what is the Cloudflare worker for?
This is unlikely to be the right solution for you; it's more geared towards people building Kilocode (because they have an agent that independently writes code and executes that code).
The microVMs are for developers running locally who want to execute untrusted code written by an AI; an example is running Codex or gemini-cli. Cloudflare Workers are for users who want their own "sandbox infra" so they can execute untrusted code written by AI with their production app (not locally, hopefully)!
- I currently run a regular set of docker containers to run my code, how does this compare?
Very little difference for your use case unless you expect to do more hostile coding.
But I'll try to explain why VMs are different from containers in the security area:
Containers are not considered a production-level security boundary. One of the main reasons is that containers share the kernel with the host machine running the container.
Security penetration engineers do not consider exploiting `some` Linux kernels to be high effort because, depending on the version, libraries, etc., there are CVEs to exploit: https://www.cisa.gov/known-exploited-vulnerabilities-catalog...
However, virtual machines are battle-tested sandbox tech designed to have strong protection by having the host and the VM run individual operating systems AND dedicated virtualized hardware. This is also the main environment you can rent from big providers. Some more info here: https://www.wiz.io/academy/containers-vs-vms
So this product is a microVM which combines the security of VMs with a layer to make it easy and fast like containers, to get the best of both worlds.
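The kernel-sharing point above (and the container-versus-VM trade-off discussed further down the thread) can be checked from inside the process that is about to run agent-written code. The script below is an added example, not code from ERA, krunvm or libkrun: it reads the same files an operator would inspect by hand and reports whether the process sits directly on the host kernel, in a container sharing that kernel, in a VM with its own kernel, or in a container inside a VM. It assumes Linux with an x86-style `flags` line in `/proc/cpuinfo` (the `hypervisor` flag is not present on other architectures), and the sample inputs are constructed.

```python
"""Classify the isolation boundary around the current process.

Added example, not ERA/krunvm/libkrun code. Heuristic only: it answers
"what runs where?" for an operator; it is not a security control.
Assumes Linux and an x86-style /proc/cpuinfo "flags" line.
"""
import os
import re

# Constructed sample inputs (not captured from a real host).
SAMPLE_CPUINFO_VM = "processor\t: 0\nflags\t\t: fpu vme de pse tsc msr hypervisor lahf_lm\n"
SAMPLE_CPUINFO_BARE = "processor\t: 0\nflags\t\t: fpu vme de pse tsc msr lahf_lm\n"
SAMPLE_CGROUP_ROOT = "0::/\n"
SAMPLE_CGROUP_DOCKER_V2 = "0::/system.slice/docker-0123abcd.scope\n"
SAMPLE_CGROUP_DOCKER_V1 = "12:memory:/docker/0123abcd\n11:cpu,cpuacct:/docker/0123abcd\n"

# Path fragments that container runtimes commonly leave in /proc/1/cgroup.
CONTAINER_MARKERS = re.compile(r"/(docker|lxc|containerd|kubepods|libpod|podman)[-/.]", re.I)


def has_hypervisor_flag(cpuinfo: str) -> bool:
    """True when the CPU reports it is virtualised (guest has its own kernel)."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            return "hypervisor" in line.split(":", 1)[1].split()
    return False


def looks_containerised(cgroup: str, dockerenv_present: bool = False) -> bool:
    """True when PID 1's cgroup path or /.dockerenv points at a container runtime.

    Note the false negative: a container with its own cgroup namespace shows
    "0::/" just like the host, so a clean result is not proof of no container.
    """
    if dockerenv_present:
        return True
    return any(CONTAINER_MARKERS.search(line) for line in cgroup.splitlines())


def classify(cpuinfo: str, cgroup: str, dockerenv_present: bool = False) -> str:
    """Combine both signals into one label describing the boundary."""
    in_vm = has_hypervisor_flag(cpuinfo)
    in_container = looks_containerised(cgroup, dockerenv_present)
    if in_container and in_vm:
        return "container-in-vm"          # container boundary, but a separate kernel below it
    if in_container:
        return "container-on-host-kernel" # shares the host kernel: the case the thread warns about
    if in_vm:
        return "vm"                       # own kernel and virtual hardware
    return "bare-host"


def classify_live() -> str:
    """Apply the classifier to the machine this script runs on."""
    def read(path: str) -> str:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                return fh.read()
        except OSError:
            return ""
    return classify(read("/proc/cpuinfo"), read("/proc/1/cgroup"), os.path.exists("/.dockerenv"))


if __name__ == "__main__":
    print("this process runs in:", classify_live())
```

Run it inside a Docker container on a laptop and it reports `container-on-host-kernel`; run it inside a libkrun/krunvm guest and the `hypervisor` flag moves the answer to `vm`. Treat the result as a posture check before launching an agent, not as proof of isolation: both signals can be hidden or spoofed, and the cgroup check misses containers that unshare the cgroup namespace.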
Can you include a component diagram overview to give folks a quick idea of "what runs where?" before making the decision to try this out.
You wrote that this is local, but what's up with the cloudflare subdir? Do we need a CF account to run this?
Will do!
The microVMs are our local solution so devs can use it.
But we thought people might want to do some production work and not run local stuff, so we added a compatibility layer with Cloudflare :D. Good note, didn't even think about that being kind of confusing.
No CF account needed to run this!
I hate to speak negatively about someone's hard work but I am genuinely confused as to why this needs to be a separate product/service. Could I not spin up a container or a VM and run my agents in it? What is this sandbox letting the agent do safely that neither the current container or VM solutions are able to offer?
Co-builder of proj here:
You absolutely can spin up a container or a VM and run your agents in it, but you make trade-offs. Containers are easy and fast. VMs use more resources but are more secure. Most people in production run containers in VMs to get the benefits of both!
This is a product that tries to get the best parts of both containers (devX + speed) and VMs (security). The innovation here is using micro-VMs, which are really, really lightweight and fast to start compared to traditional VMs. Props to the libkrun team for creating that: https://github.com/containers/libkrun
Alright, but why couldn't I use `krunvm` directly then? What does your wrapper provide that I can't easily do already? Is it essentially a set of "recipes" and "skills"?
Krunvm has some breaking issues that I'm trying to upstream fixes to: https://github.com/containers/krunvm/pull/74. Amazing project and maintainer btw.
This product is effectively a wrapper that has some fixes + devX glue that hopefully makes the experience faster. I try to improve the cleanup, logging and resource monitoring, as an example: https://github.com/BinSquare/ERA/blob/main/era-agent/vm_serv...
The recipes and skills stuff is pretty experimental; we're trying to see if we can make this a full environment where agents can just have all the tools they need to build, along with full privilege (sudo), because it's inside a microVM!
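To make the "cleanup, logging, resource monitoring" glue concrete, here is an added example of the supervisor layer a wrapper puts around one untrusted command. It is not ERA's or krunvm's code and does not reproduce how they do it: it runs the command with a wall-clock budget, CPU and address-space limits, a minimal environment, structured log lines, and a scratch directory that is removed whatever happens, and it returns the measured CPU time and peak RSS. It is deliberately not an isolation boundary of its own; following the thread's argument, it belongs inside the VM or microVM guest, not in place of one. It assumes Linux/POSIX (`resource` limits, sessions and process groups) and `sh` on `/usr/bin:/bin`.

```python
"""Run one untrusted command under a wall-clock budget, CPU/memory limits,
structured logging and guaranteed scratch-directory cleanup.

Added example, not code from ERA or krunvm. Supervisor glue only: it is
not an isolation boundary and is meant to run inside the VM/microVM guest.
Assumes Linux/POSIX.
"""
import logging
import os
import resource
import shutil
import signal
import subprocess
import tempfile
import time
from dataclasses import dataclass

log = logging.getLogger("sandbox-runner")


@dataclass
class RunResult:
    exit_code: int        # negative signal number if the child was killed (e.g. -9)
    stdout: str
    stderr: str
    timed_out: bool
    wall_seconds: float
    cpu_seconds: float    # user+sys CPU consumed by the child process tree
    max_rss_kb: int       # peak resident set size the kernel reports for children


def _child_limits(cpu_seconds: int, mem_bytes: int):
    """Return a function run in the child between fork and exec: apply hard
    limits and start a new session so the whole process group can be killed."""
    def setter():
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))  # no core dumps of untrusted state
        os.setsid()
    return setter


def run_untrusted(argv, wall_seconds=5.0, cpu_seconds=2, mem_bytes=256 * 1024 * 1024) -> RunResult:
    """Execute argv in a throwaway working directory and report what it cost."""
    workdir = tempfile.mkdtemp(prefix="agent-run-")
    usage_before = resource.getrusage(resource.RUSAGE_CHILDREN)
    start = time.monotonic()
    timed_out = False
    log.info("start argv=%r workdir=%s wall=%.1fs cpu=%ds mem=%dMiB",
             argv, workdir, wall_seconds, cpu_seconds, mem_bytes // (1024 * 1024))
    proc = subprocess.Popen(
        argv,
        cwd=workdir,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        text=True,
        env={"PATH": "/usr/bin:/bin", "HOME": workdir},  # minimal env, nothing inherited
        preexec_fn=_child_limits(cpu_seconds, mem_bytes),
    )
    try:
        out, err = proc.communicate(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        timed_out = True
        # The child called setsid(), so its process-group id equals its pid:
        # killing the group also takes down anything it spawned.
        os.killpg(proc.pid, signal.SIGKILL)
        out, err = proc.communicate()
    finally:
        shutil.rmtree(workdir, ignore_errors=True)  # cleanup even when we raised
    usage_after = resource.getrusage(resource.RUSAGE_CHILDREN)
    cpu = (usage_after.ru_utime + usage_after.ru_stime) - (usage_before.ru_utime + usage_before.ru_stime)
    result = RunResult(proc.returncode, out, err, timed_out,
                       time.monotonic() - start, cpu, usage_after.ru_maxrss)
    log.info("done exit=%s timed_out=%s wall=%.2fs cpu=%.3fs maxrss=%dKiB",
             result.exit_code, timed_out, result.wall_seconds, cpu, result.max_rss_kb)
    return result


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(name)s %(message)s")
    print(run_untrusted(["sh", "-c", "echo hello from the sandbox"]))
    print(run_untrusted(["sh", "-c", "sleep 30"], wall_seconds=1.0))
```

The second call in the `__main__` block is the interesting one: the command overruns its budget, the whole process group is killed, the scratch directory still disappears, and the caller gets a `timed_out=True` result with a negative exit code instead of a hung agent. Pair this with a real VM boundary; by itself `setrlimit` and a fresh environment do nothing against a kernel-level escape.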
That's fair. Thanks for your work!
I don't think I'll use your project, but it's great that you're thinking about these things. We need more security initiatives in the "AI" space.