Infrastructure for AI Agents
Instant isolated computers for agentic apps. Start, stop, clone and fork thousands per second.
$50 free credits to start · No credit card required
Use Cases
What developers are shipping
Give your agents a secure execution environment
Execute AI agent code in isolated microVMs with RESTful API access and persistent state. Each agent gets its own Linux environment with full filesystem, networking, and package management.
from instavm import InstaVMclient = InstaVM(api_key="your_api_key")snapshot = client.snapshots.create(oci_image="python:3.12-slim",name="py312")vm = client.vms.create(snapshot_id=snapshot["id"],vcpu_count=4,memory_mb=8192)result = client.execute("python3 agent.py", language="bash")print(result)vm_snapshot = client.vms.snapshot(vm["vm_id"], name="after-run")
Runtime Safety
Secure by default for every agent run
Dedicated kernels, strict egress rules, proxy-injected secrets, read-only mounts, and full runtime auditing.
Hardware-isolated instances
Each sandbox runs with a dedicated kernel, filesystem, and network stack.
Egress controls on every VM
Default-deny outbound traffic with domain/CIDR allowlists and package-manager controls.
Proxy-based secret injection
Inject credentials outside the VM at request time to reduce prompt-injection blast radius.
Audit trails across the runtime
Capture execution, network, and runtime events for every agent run.
from instavm import InstaVMclient = InstaVM("your_api_key")client.egress.set_session(allow_http=False,allow_https=True,allowed_domains=["api.openai.com", "api.anthropic.com"],allowed_cidrs=["10.0.0.0/8"])policy = client.egress.get_session()print(policy.get("allowed_domains", []))
default: deny-all outbound traffic
allowlist: ai APIs + package registries only
audit: every execution and policy update is logged
Deployment Patterns
Supports all kinds of agent workloads
Run one-shot tasks, persistent sessions, long-running stateful agents, or pause/resume hybrid workflows.
An ephemeral sandbox for each user task
Start a clean sandbox per task and terminate it when the task is done.
Best for: Code interpreters, one-shot automations, and eval bursts.
Persistent long-running sessions
Reuse one session across interactions so files, packages, and state stay warm.
Best for: Interactive copilots, ticket workflows, and multi-step agent tasks.
Pause, Resume, Clone, Parallelize
Checkpoint active work, resume later, or clone from the same state.
Best for: Intermittent research tasks and branchable investigation flows.
Long-Running Stateful Agents
Keep a dedicated VM online for always-on agents, deployed apps, or MCP servers.
Best for: Always-on operators, app runtimes, and long-lived MCP services.
Runtime Images
Agents can run any OCI image in VMs
Build snapshots from OCI images, boot VMs from that state, then clone and fan out parallel workers.
Bring any OCI image
Use your existing OCI image as the base runtime for agent workloads.
Snapshot running state
Capture a warm VM state so new runs can start from a known baseline.
Clone and fan out
Clone prepared VMs and start parallel instances for scale-out workloads.
Build args for runtime setup
Set env vars, clone GitHub repos, and run startup build commands when creating snapshots.
from instavm import InstaVMclient = InstaVM(api_key="your_api_key")snap = client.snapshots.create(oci_image="python:3.12-slim",name="deploy-app-base",vcpu_count=2,memory_mb=512,type="user",build_args={"git_clone_url": "https://github.com/acme/ai-app.git","git_clone_branch": "main","post_build_cmd": "npm install && npm run build",},)vm = client.vms.create(snapshot_id=snap["id"],vcpu_count=2,memory_mb=2048,wait=True,)workers = [client.vms.clone(vm_id=vm["vm_id"], wait=True, snapshot_name="deploy-seed")for _ in range(4)]
Shares & Custom Domains
Expose agentic apps and services when ready
Share any running port for previews, APIs, or internal tooling, then attach custom domains for production URLs.
Expose VM ports instantly
Create a share URL for any running service, web app, or API endpoint.
Public or private access
Use public links for previews or private shares with access tokens.
Custom domains for production
Map your own domain to a share and verify DNS before go-live.
Update or revoke quickly
Toggle visibility, rotate access, or revoke shares without redeploying.
from instavm import InstaVMclient = InstaVM("your_api_key")# share from current session or specific vm_idshare = client.shares.create(vm_id="vm_abc123", port=8080, is_public=True)print(share.get("public_url"))private_share = client.shares.create(vm_id="vm_abc123", port=3000, is_public=False)print(private_share.get("access_token"))# switch public/private or revoke without restartclient.shares.update(share_id=private_share["share_id"], is_public=True)client.shares.update(share_id=private_share["share_id"], revoke=True)# map and verify custom domains for productiondomain = client.custom_domains.create(domain="app.example.com",share_id=share["share_id"],dns_provider="cloudflare",dns_credentials={"CLOUDFLARE_API_TOKEN": "token"},)client.custom_domains.verify(domain["id"])
Manage everything from terminal
One SSH endpoint. Full control.
Run `ssh instavm.dev` from local shells, CI, or remote runners to create, connect, clone, share, and destroy VMs.
ssh instavm.dev create --vcpu 4 --memory 8192Provision a fresh VM in ~147ms
ssh <vm_id>@instavm.devDrop directly into the VM shell
ssh instavm.dev clone <vm_id>Clone a prepared environment for parallel runs
ssh instavm.dev share create <vm_id> 8080 --publicExpose a service with one command
ssh instavm.dev rm <vm_id>Terminate and clean up instantly
ssh instavm.dev lsInspect active VMs and status
Full SSH CLI reference → docs/ssh
Desktop Workflows
Full Linux Desktop for agents to work on
Run UI automation in isolated VMs with browser, terminal, and sudo access, with optional live human takeover.
Full desktop runtime
Run agents in a VM with a desktop, browser, terminal, and sudo access.
Agent + human handoff
Run autonomously, keep a human in the loop, or take over live through noVNC.
Screenshots and recordings
Capture visual evidence of agent actions for debugging, review, and compliance.
Works across runtime patterns
Use Computer Use in ephemeral, persistent, and hybrid agent workflows.
Webhook Integrations
Integrate with the platforms you already use
Send agent events to your existing stack with authenticated webhooks, retry handling, and delivery visibility.
Authenticated delivery
Every payload is signed so your services can verify source and integrity.
Automatic retry recovery
Timeout and retry controls keep events flowing when downstream systems fail.
Trace and replay
Inspect delivery status codes and replay failed events in seconds.
+ more integrations
Why teams choose InstaVM
10x faster than containers
Boot a full Linux microVM in under 200ms without pre-warming.
No cross-tenant leakage
Each run gets its own kernel, filesystem, and network stack.
SSH-native workflow
Create, connect, clone, share, and destroy VMs from any shell with `ssh instavm.dev`.
Secret Injection
Inject third-party credentials at runtime without exposing them to sandboxed code. Eliminates credential leaks from prompt injection.
Local or Cloud
Run CodeRunner locally for development, deploy to our cloud for production. Same API, same code.
Pause & Snapshot
Pause running VMs, snapshot state, resume or clone instantly. Ideal for long-running agent workflows.
Egress Control
Fine-grained outbound network rules. Allowlist domains, block egress, or scope access per-VM.
Model-agnostic
Works with the tools you already use. OpenAI, Claude, Gemini, LangChain — and your own stack.
OpenAI
Anthropic
LangChain
LlamaIndex
Google AI
Azure
DSPy$ git clone https://github.com/instavm/coderunner.git
$ cd coderunner && ./install.sh
# Local development workflow for InstaVM apps
$ python my_script.py
✓ Running in isolated Apple container
✓ No cloud upload — processes local files
✓ Complete VM-level isolation
Session ID: local-abc123
Startup time: 45ms
Status: Ready
Local Development Experience
Develop locally. Deploy to the cloud.
CodeRunner for Mac ensures complete VM-level isolation during local testing, with zero cloud uploads required.
Run and debug agent code on your Mac without sending source files to cloud
Use local docs, repos, and databases directly during development
Prototype locally, then move to InstaVM cloud execution patterns without rewriting your agent logic
SDK
Three lines. That's it.
Run sandboxed code in a few lines with Python or JavaScript. Same API for local development and cloud deployment.
from instavm import InstaVMclient = InstaVM(api_key="your_api_key")print(client.execute("print(100**100)")["stdout"])
REST API
Developer API
https://api.instavm.io/v1 — Full REST API for VM lifecycle, snapshots, egress, execution, and file transfer.
/v1/vmsCreate a VM with vCPU, memory, and egress policy
/v1/vmsList all running VMs
/v1/vms/{vm_id}/snapshotSnapshot a running VM
/v1/vms/{vm_id}/cloneClone a VM from snapshot
/v1/executionsFetch code executions
/v1/egress/vm/{vm_id}Set network egress policy
/v1/sharesExpose a VM port as a public URL
/v1/ssh-keysRegister an SSH public key
/v1/snapshotsList all snapshots
/uploadUpload a file to a VM
/downloadDownload a file from a VM
/v1/custom-domainsMap a custom domain to a VM share
FAQ
Typical cold boot is under 200ms. Reusing an active session is typically under 10ms, and snapshot restore is typically under 500ms.
Within one session, variables, files, and installed packages persist across calls. When the session ends (kill, context exit, or lifetime expiry), VM state is destroyed.
Each sandbox runs with its own kernel, filesystem, and network stack. Sandboxes do not share memory or disk state, and root inside a sandbox does not grant host access.
Egress is deny-by-default and can be set per session or per VM. You can allow package managers, specific domains/CIDRs, and HTTP/HTTPS separately; when both policies exist, the more restrictive one applies.
Usage is metered by compute resources, and terminated VMs stop accruing usage. New accounts receive free credits, and current rates/limits are listed on the pricing page.