Show HN: Run coding agents in microVM sandboxes instead of your host machine

github.com

63 points by phoenixranger 2 months ago · 6 comments · 1 min read

Hi HN, we built SuperHQ, an open source app that runs AI coding agents in isolated microVM sandboxes instead of directly on your machine. Each agent gets its own VM with a full Debian environment. You mount your projects in, writes go to a tmpfs overlay so your host is never touched, and you get a diff view to accept or discard changes. API keys never enter the sandbox. We also just launched remote.superhq.ai which acts as a remote control for SuperHQ, allowing you to access your workspaces and agents from anywhere.
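A sketch of how a diff view can be derived from an overlay's upper layer, as an added example that is not SuperHQ's code and not part of the original post. It assumes Linux overlayfs conventions (changed files are copied into the upper directory, deletions appear as 0/0 character-device whiteouts); the post does not say how SuperHQ implements its overlay, and `overlay_changes`, `demo` and the sample files are hypothetical.

```python
import filecmp
import os
import stat
import tempfile
from pathlib import Path


def is_whiteout(path):
    # overlayfs records a deleted lower-layer file as a 0/0 character device
    st = os.lstat(path)
    return stat.S_ISCHR(st.st_mode) and st.st_rdev == 0


def overlay_changes(lower, upper):
    """Classify each upper-layer entry against the read-only lower layer."""
    changes = {}
    for root, dirs, files in os.walk(upper):
        # os.walk lists symlinks to directories under dirs; review those too
        links = [d for d in dirs if os.path.islink(os.path.join(root, d))]
        for name in files + links:
            up = os.path.join(root, name)
            rel = os.path.relpath(up, upper)
            low = os.path.join(lower, rel)
            if is_whiteout(up):
                changes[rel] = "deleted"
            elif os.path.islink(up) or not os.path.isfile(up):
                changes[rel] = "special"  # symlink, fifo, device: review by hand
            elif not os.path.lexists(low):
                changes[rel] = "added"
            elif os.path.islink(low) or not filecmp.cmp(low, up, shallow=False):
                changes[rel] = "modified"
    return changes  # copied-up files identical to the lower copy are omitted


def demo():
    """Constructed sample layers; a real upper layer would sit on tmpfs."""
    with tempfile.TemporaryDirectory() as tmp:
        lower, upper = Path(tmp, "lower"), Path(tmp, "upper")
        for layer in (lower, upper):
            (layer / "src").mkdir(parents=True)
        (lower / "src/app.py").write_text("print('v1')\n")
        (lower / "README").write_text("docs\n")
        (upper / "src/app.py").write_text("print('v2')\n")
        (upper / "src/new.py").write_text("pass\n")
        (upper / "link").symlink_to("../outside")  # symlink pointing outside the project
        return overlay_changes(lower, upper)


if __name__ == "__main__":
    print(demo())
```

Under this model, accepting a change copies the entry from the upper layer into the project, and discarding everything amounts to unmounting the tmpfs. Symlinks and device nodes are flagged rather than copied so a reviewer sees them before anything reaches the host tree.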

goodra7174 2 months ago

The tmpfs overlay approach is smart — writes never touch the host. We've been solving a related but different problem: running AI agent workloads (not just coding agents) in production Kubernetes clusters where the agents can't make outbound calls at all. Air-gapped environments where the LLM inference runs on-cluster via Ollama or vLLM.

The isolation model is different — instead of protecting the developer's machine, we're protecting the enterprise's network from the agent. NetworkPolicies + FQDN egress control per agent namespace.

Question: how do you handle persistent state across sessions? If the agent needs to remember what it learned from a previous run, does the tmpfs model break that?

  • phoenixranger (OP) 2 months ago

    thanks! we have checkpoints for that, you can checkpoint a sandbox and fork it to start a new session (checkpointing is a terminal state)

harshdoesdev 2 months ago

Hi guys, we are super excited about the launch of remote.superhq.ai - remote control for your dev environment. please do check it out and share your feedback.
