vpod

vpod [command] [snapshot]

vpod gives an untrusted process an instant, throwaway Linux environment. Each vpod is a RISC-V virtual machine (the RV64GC instruction set) compiled to WebAssembly, so the whole sandbox runs inside a portable WASM runtime rather than relying on the host kernel, containers, or hardware virtualization.When started, a vpod boots from a snapshot, a saved VM state that is ready in under a second, and drops the user into an interactive shell. Because execution stays inside the WebAssembly sandbox, code running in a vpod is isolated from the host and behaves the same on Linux, macOS, and Windows without per-platform setup.In addition to the command-line tool, the project ships a Python SDK (installable with pip install vpod) that creates persistent sandboxes programmatically, which is aimed at running AI-agent generated or otherwise untrusted code safely.

start SNAPSHOT

Start an interactive shell from the named snapshot instead of the default.

Download a snapshot and store it locally for later use.

List the snapshots that are available locally.

There is no hardware acceleration, so CPU-intensive workloads run slower than native execution. GPU and accelerator interfaces (CUDA, Metal, ML accelerators) are not available inside the sandbox.

vpod is developed by capsulerun and released under the Apache License 2.0. It is written primarily in Rust, with the RISC-V guest executed through a WebAssembly runtime.

bubblewrap(1), docker(1), firejail(1), qemu(1), wasmtime(1)

Source code