Infrastructure for AI Agents
Instant isolated computers for agentic apps. Start, stop, clone and fork thousands per second.
$50 free credits to start · 10 GB volumes included · No credit card required
Use Cases
Built for every agent pattern
Give your agents a secure execution environment
Execute AI agent code in isolated microVMs with RESTful API access and persistent state. Each agent gets its own Linux environment with full filesystem, networking, and package management.
from instavm import InstaVMclient = InstaVM(api_key="your_api_key")snapshot = client.snapshots.create(oci_image="python:3.12-slim",name="py312")vm = client.vms.create(snapshot_id=snapshot["id"],vcpu_count=4,memory_mb=8192)result = client.execute("python3 agent.py", language="bash")print(result)vm_snapshot = client.vms.snapshot(vm["vm_id"], name="after-run")
Runtime Safety
Every agent run is hardware-isolated
Dedicated kernels, strict egress rules, proxy-injected secrets, read-only mounts, and full runtime auditing.
Hardware-isolated instances
Each sandbox runs with a dedicated kernel, filesystem, and network stack.
Egress controls on every VM
Default-deny outbound traffic with domain/CIDR allowlists and package-manager controls.
Proxy-based secret injection
Agents never see your API keys. InstaVM injects secrets via a proxy at request time. If an agent is compromised by prompt injection, credentials are not in the blast radius.
Observability by default
Full execution logs, network traces, and runtime events for every run. Debug agent failures without reproducing them.
$ instavm auth set-key$ instavm create --snapshot security-base$ instavm share create vm_abc123 3000$ instavm share set-private shr_abc123
Deployment Patterns
From one-shot tasks to always-on agent loops
Run one-shot tasks, persistent sessions, long-running stateful agents, or pause and resume hybrid workflows.
An ephemeral sandbox for each user task
Start a clean sandbox per task and terminate it when the task is done.
Best for: Code interpreters, one-shot automations, and eval bursts.
Persistent long-running sessions
Keep a VM alive across interactions. Files, packages, and state persist between calls, no rebuild overhead.
Best for: Interactive copilots, ticket workflows, and multi-step agent tasks.
Checkpoint, Restore, Clone, Parallelize
Checkpoint active work, resume later, or clone from the same state.
Best for: Intermittent research tasks and branchable investigation flows.
Long-Running Stateful Agents
Keep a dedicated VM online for always-on agents, deployed apps, or MCP servers.
Best for: Always-on operators, app runtimes, and long-lived MCP services.
Skills
Deploy directly from Claude Code or Codex
Create any agent or app, test it, then deploy from inside Claude Code, Codex, Gemini CLI, Copilot, or AMP with a simple deploy on instavm prompt.
Install once, then ask your coding agent to deploy on InstaVM from the same working session.
Runtime Images
Use any OCI image or runtime for Agents
Build snapshots from OCI images, boot VMs from that state, then clone and fan out parallel workers.
Bring any OCI image
Use your existing OCI image as the base runtime for agent workloads.
Snapshot running state
Capture a warm VM state so new runs can start from a known baseline.
Clone and fan out
Clone prepared VMs and start parallel instances for scale-out workloads.
Build args for runtime setup
Set env vars, clone GitHub repos, and run startup build commands when creating snapshots.
$ instavm snapshot build python:3.12-slim --name deploy-app-base --git-clone https://github.com/acme/ai-app.git --run "npm install && npm run build"$ instavm create --snapshot snap_abc123 --vcpu 2 --memory 2048$ instavm clone vm_abc123 --name deploy-seed
Persistent Volumes
Persistent state that survives every run
Named volumes persist across VM lifecycles. Checkpoint mid-run, fan out read-only to workers, or mount read-write to a single agent. Your agent's memory and data never disappear.
Agent memory that doesn't vanish
Volumes exist independently of VMs. Rebuild, restart, or scale your agents without losing stored state, embeddings, or indexes.
Share context across parallel agents
Fan out a knowledge base or embedding index read-only to 100 workers, or mount read-write to a single agent that's updating state.
Pre-load data before your agent starts
Upload datasets, models, or config files directly via the SDK. Your agent's workspace is ready before it boots.
Checkpoint mid-task, resume anywhere
Snapshot volume state at any point. Spin up a new VM from that exact checkpoint. Perfect for long-running research agents.
$ instavm volume create agent-state --quota 10GB$ instavm volume files upload vol_abc123 ./index.faiss --path indexes/index.faiss$ instavm volume checkpoint create vol_abc123 --name post-index$ instavm create --volume vol_abc123:/workspace/data:rw$ instavm create --volume vol_abc123:/workspace/reference:ro:chk_abc123
Shares & Custom Domains
Go live with one command
Share any running port for previews, APIs, or internal tooling, then attach custom domains for production URLs.
Expose VM ports instantly
Create a share URL for any running service, web app, or API endpoint.
Public or private access
Use public links for previews or private shares with access tokens.
Custom domains for production
Map your own domain to a share and verify DNS before go-live.
Update or revoke quickly
Toggle visibility, rotate access, or revoke shares without redeploying.
$ instavm share create vm_abc123 8080 --public$ instavm share set-private shr_abc123$ instavm share set-public shr_abc123$ instavm share revoke shr_abc123
Manage everything from terminal
ssh instavm.dev is all you need
Run `ssh instavm.dev` from local shells, CI, or remote runners to create, connect, clone, share, and destroy VMs. No CLI install. No SDK dependency.
ssh instavm.dev create --vcpu 4 --memory 8192Provision a fresh VM in ~147ms
ssh <vm_id>@instavm.devDrop directly into the VM shell
ssh instavm.dev clone <vm_id>Clone a prepared environment for parallel runs
ssh instavm.dev share create <vm_id> 8080 --publicExpose a service with one command
ssh instavm.dev rm <vm_id>Terminate and clean up instantly
ssh instavm.dev lsInspect active VMs and status
Full SSH CLI reference → docs/ssh
Desktop Workflows
Full Linux Desktop for agents to work on
Run UI automation in isolated VMs with browser, terminal, and sudo access, with optional live human takeover.
Full desktop runtime
Run agents in a VM with a desktop, browser, terminal, and sudo access.
Agent + human handoff
Run autonomously, keep a human in the loop, or take over live through noVNC.
Screenshots and recordings
Capture visual evidence of agent actions for debugging, review, and compliance.
Works across runtime patterns
Use Computer Use in ephemeral, persistent, and hybrid agent workflows.
Webhook Integrations
Integrate with the platforms you already use
Send agent events to your existing stack with authenticated webhooks, retry handling, and delivery visibility.
Authenticated delivery
Every payload is signed so your services can verify source and integrity.
Automatic retry recovery
Timeout and retry controls keep events flowing when downstream systems fail.
Trace and replay
Inspect delivery status codes and replay failed events in seconds.
+ more integrations
Why teams choose InstaVM
10x faster than containers
Boot a full Linux microVM in under 200ms without pre-warming.
No cross-tenant leakage
Each run gets its own kernel, filesystem, and network stack.
SSH-native workflow
Create, connect, clone, share, and destroy VMs from any shell with `ssh instavm.dev`.
Secret Injection
Agents never see your API keys. InstaVM injects secrets via a proxy at request time. If an agent is compromised by prompt injection, credentials are not in the blast radius.
Local or Cloud
Run CodeRunner locally for development, deploy to our cloud for production. Same API, same code.
Pause & Snapshot
Pause running VMs, snapshot state, resume or clone instantly. Ideal for long-running agent workflows.
Egress Control
Fine-grained outbound network rules. Allowlist domains, block egress, or scope access per-VM.
$ git clone https://github.com/instavm/coderunner.git
$ cd coderunner && ./install.sh
# Local development workflow for InstaVM apps
$ python my_script.py
✓ Running in isolated Apple container
✓ No cloud upload — processes local files
✓ Complete VM-level isolation
Session ID: local-abc123
Startup time: 45ms
Status: Ready
Local Development Experience
Develop locally. Deploy to the cloud.
CodeRunner for Mac ensures complete VM-level isolation during local testing, with zero cloud uploads required.
Run and debug agent code on your Mac without sending source files to cloud
Use local docs, repos, and databases directly during development
Prototype locally, then move to InstaVM cloud execution patterns without rewriting your agent logic
Model-agnostic
Works with the tools you already use. OpenAI, Claude, Gemini, LangChain — and your own stack.
OpenAI
Anthropic
LangChain
LlamaIndex
Google AI
Azure
DSPySDK
Three lines to integrate in your code.
Run sandboxed code and deploy workflows in a few lines with CLI, Python, or TypeScript. Same API for local development and cloud deployment.
$ instavm auth set-key$ instavm deploy --plan$ instavm deploy
FAQ
Typical cold boot is under 200ms. Reusing an active session is typically under 10ms, and snapshot restore is typically under 500ms.
Within one session, variables, files, and installed packages persist across calls. When the session ends (kill, context exit, or lifetime expiry), VM state is destroyed.
Each sandbox runs with its own kernel, filesystem, and network stack. Sandboxes do not share memory or disk state, and root inside a sandbox does not grant host access.
Egress is deny-by-default and can be set per session or per VM. You can allow package managers, specific domains/CIDRs, and HTTP/HTTPS separately; when both policies exist, the more restrictive one applies.
Free is pay-as-you-go with a $0 base price and $50 in starting credits. Pro is $100/month as the base subscription price plus usage. Both Free and Pro include 10 GB of volume storage, then additional allocated storage is billed at $0.0002 per GB-hour.