Metadata-Version: 2.4
Name: smolvm
Version: 0.0.4
Summary: Secure runtime for AI agents, and tools -- free and open-source from Celesto AI 🧡
Author-email: Celesto AI <hello@celesto.ai>
License-Expression: Apache-2.0
License-File: LICENSE
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Topic :: System :: Emulators
Requires-Python: >=3.10
Requires-Dist: paramiko>=3.0
Requires-Dist: pydantic>=2.0
Requires-Dist: requests-unixsocket>=0.3
Requires-Dist: requests>=2.28
Provides-Extra: dashboard
Requires-Dist: fastapi>=0.115.0; extra == 'dashboard'
Requires-Dist: uvicorn[standard]>=0.34.0; extra == 'dashboard'
Requires-Dist: websockets>=14.0; extra == 'dashboard'
Provides-Extra: dev
Requires-Dist: mypy>=1.0; extra == 'dev'
Requires-Dist: pre-commit>=4.2.0; extra == 'dev'
Requires-Dist: pytest-cov>=4.0; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: ruff>=0.15.0; extra == 'dev'
Description-Content-Type: text/markdown

<div align="center">

# SmolVM

**Secure runtime for AI agents and tools**

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)

[Docs](https://docs.celesto.ai) • [Examples](examples/) • [GitHub](https://github.com/celestoai/smolvm)

</div>

---

SmolVM is a lightning-fast, secure microVM runtime designed for high-density isolation. It provides AI agents and tools with a safe, hardware-virtualized environment to execute untrusted code without risking the host system.

## ✨ Features

- **🔒 Secure Isolation**: Hardware-level virtualization (utilizing Firecracker) for strong sandbox boundaries.
- **⚡ Blazing Fast**: MicroVMs boot in sub-second time with minimal overhead.
- **🐍 Python Native**: Clean, high-level SDK for managing VM lifecycles and command execution.
- **🌐 Automatic Networking**: Built-in NAT, port forwarding, and SSH tunneling.
- **🛠️ Custom Images**: Build specialized Debian-based rootfs images with your own tools.
- **🧹 Auto-Cleanup**: Integrated resource management to keep your host system clean.

## 🤔 Why SmolVM?

AI agents often need to execute arbitrary code (Python, JS, shell scripts) generated by LLMs. Running this code directly on your host or in standard containers can be risky.

- **MicroVM-based Security**: Unlike containers that share the host kernel, SmolVM uses KVM-backed microVMs. This provides a significantly smaller attack surface and stronger hardware-level isolation.
- **Agent-First Design**: SmolVM abstracts away the complexity of microVM networking, storage, and TAP devices into a simple, pythonic API.

## 🚀 Quickstart

### 1. Prerequisites

- **Linux + Firecracker backend**: KVM support (Ubuntu/Debian/Fedora).
- **macOS + QEMU backend**: Homebrew and QEMU (`qemu-system-*`).

### 2. Installation

```bash
# Install the Python package
pip install smolvm
```

Linux (Firecracker):

```bash
sudo ./scripts/system-setup.sh --configure-runtime
```

macOS (QEMU):

```bash
./scripts/system-setup-macos.sh
# Optional explicit backend override:
# export SMOLVM_BACKEND=qemu
```

### 3. Basic Usage

Initialize a VM with no arguments for an auto-configured, SSH-ready environment:

```python
from smolvm import SmolVM

# Start sandboxed runtime
vm = SmolVM()
vm.start()

# Run ANY command like a real system
result = vm.run("echo 'Hello from the sandbox!'")
print(result.output)

# Stop the runtime
vm.stop()
```

Customize auto-config memory and disk size:

```python
from smolvm import SmolVM

# Use with context manager (auto start and deletes after use)
with SmolVM(mem_size_mib=2048, disk_size_mib=4096) as vm:
    print(vm.run("free -m").output)
```

### 4. Reconnect to an existing VM

You can also reconnect to a running VM by its ID:

```python
from smolvm import SmolVM

# Reconnect to an existing VM
vm = SmolVM.from_id("vm-abcdef12")
print(f"Status: {vm.status}")
```

### 4.1 Disk isolation defaults

SmolVM now defaults to **isolated per-VM disks** (`disk_mode="isolated"`),
so each VM gets its own writable rootfs clone (sandbox-by-default).

If you intentionally want shared/persistent image behavior across VMs, set:

```python
from smolvm import VMConfig

config = VMConfig(..., disk_mode="shared")
```

### 5. Port Forwarding

Expose a guest application to your local machine securely. `expose_local` prefers host-local nftables forwarding and automatically falls back to an SSH tunnel when needed.

```python
from smolvm import SmolVM

with SmolVM() as vm:
    # Example: App in VM listening on port 8080, expose to host port 18080
    host_port = vm.expose_local(guest_port=8080, host_port=18080)
    print(f"App available at http://localhost:{host_port}")
```

## 6. Environment Variables

Inject environment variables into a running VM. Variables are persisted in
`/etc/profile.d/smolvm_env.sh` and apply to new SSH/login shell sessions.

```python
from smolvm import SmolVM

with SmolVM() as vm:
    vm.set_env_vars({"API_KEY": "sk-...", "DEBUG": "1"})
    print(vm.list_env_vars())
    print(vm.run("echo $API_KEY").output)
```

CLI:

```bash
smolvm env set <vm_id> API_KEY=sk-... DEBUG=1
smolvm env list <vm_id> --show-values
smolvm env unset <vm_id> DEBUG
```

Diagnostics:

```bash
# Auto-detect backend (Darwin -> qemu, Linux -> firecracker)
smolvm doctor

# Force backend checks
smolvm doctor --backend firecracker
smolvm doctor --backend qemu

# CI-friendly mode
smolvm doctor --json --strict
```

## ⚡ Performance

SmolVM is optimized for low-latency agent workflows. Latest lifecycle timings (p50) on a standard Linux host:

| Phase | Time |
|---|---|
| Create + Start | ~572ms |
| SSH ready | ~2.1s |
| Command execution | **~43ms** |
| Stop + Delete | ~751ms |
| **Full lifecycle (boot → run → teardown)** | **~3.5s** |

Run the benchmark yourself:

```bash
python scripts/benchmarks/bench_subprocess.py --vms 10 -v
```

> Measured on AMD Ryzen 7 7800X3D (8C/16T), Ubuntu Linux, KVM/Firecracker backend.

## 📄 License

Apache 2.0 License - see [LICENSE](LICENSE) for details.

---
<div align="center">
Built with 🧡 by <a href="https://celesto.ai">Celesto AI</a>
</div>
