Loading...
Loading...
Run commands in an isolated Linux microVM sandbox using the shuru CLI. Use when the user asks to execute untrusted code, install packages safely, test in a clean environment, or needs Linux-specific tooling on macOS.
npx skill4agent add superhq-ai/shuru shurushuru run# 1. Run a command in a fresh VM
shuru run -- echo "hello from the sandbox"
# 2. Mount the project directory so the VM can access host files
shuru run --mount ./src:/workspace -- ls /workspace
# 3. If the command needs network access (install packages, fetch data)
shuru run --allow-net -- apk add curl && curl https://example.com
# 4. If setup is expensive, save a checkpoint and reuse it
shuru checkpoint create node-env --allow-net -- apk add nodejs npm
shuru run --from node-env --mount .:/workspace -- node /workspace/app.jssh -cshuru run --allow-net -- sh -c 'apk add python3 py3-pip && python3 -c "print(1+1)"'
shuru run --mount .:/workspace -- sh -c 'cd /workspace && ls -la && cat README.md'shuru run [flags] [-- command...]
# Interactive shell (default when no command given)
shuru run
# Run a single command
shuru run -- whoami
# With resources
shuru run --cpus 4 --memory 4096 --disk-size 8192 -- make -j4
# With networking + port forwarding
shuru run --allow-net -p 8080:80 -- nginx -g 'daemon off;'
# Multiple mounts
shuru run --mount ./src:/src --mount ./data:/data -- ls /src /data
# From a checkpoint
shuru run --from myenv -- npm test# Create: boots VM, runs command, saves disk on exit
shuru checkpoint create <name> [flags] [-- command...]
# Stack: create from an existing checkpoint
shuru checkpoint create with-deps --from base-env --allow-net -- npm install
# List all checkpoints (shows actual disk usage)
shuru checkpoint list
# Delete
shuru checkpoint delete <name># Download/update OS image
shuru init
shuru init --force # re-download even if up to date
# Upgrade CLI + OS image
shuru upgrade
# Clean up leftover data from crashed VMs
shuru prune# One-time setup
shuru checkpoint create python-dev --allow-net -- sh -c 'apk add python3 py3-pip && pip install pytest requests'
# Fast subsequent runs
shuru run --from python-dev --mount .:/workspace -- sh -c 'cd /workspace && pytest'# Fully isolated — no --allow-net, no --mount
shuru run -- sh -c 'echo "malicious script here" && rm -rf / 2>/dev/null; echo "host is safe"'shuru run --mount .:/workspace --cpus 4 --memory 4096 -- sh -c '
cd /workspace
apk add build-base
make -j4
make test
'shuru run --allow-net --from node-env -p 3000:3000 --mount .:/app -- sh -c '
cd /app && node server.js
'
# Access at http://localhost:3000 on the hostshuru checkpoint create base --allow-net -- apk add build-base git curl
shuru checkpoint create node --from base --allow-net -- sh -c 'apk add nodejs npm'
shuru checkpoint create project --from node --allow-net --mount .:/app -- sh -c 'cd /app && npm install'
# Now "project" has OS deps + Node + node_modules baked in
shuru run --from project --mount .:/app -- sh -c 'cd /app && npm test'shuru.json{
"cpus": 2,
"memory": 2048,
"disk_size": 4096,
"allow_net": false,
"ports": ["8080:80"],
"mounts": ["./src:/workspace"],
"command": ["/bin/sh", "-c", "cd /workspace && sh"]
}--allow-netapk add--cpus--memory--disk-size