← Back to blog

NumaVM Is Now Open Source

Give every developer on your team their own isolated Linux VM with AI coding agents built in. The full platform runs on a single server and is now open source under Apache 2.0.

By NumaVM

Give every developer on your team their own isolated Linux VM with AI coding agents built in — running on a single server you control.

That’s what NumaVM does. You set it up once on a Linux machine, open the dashboard, and anyone on your team can click “new VM.” Under a second later they have a private Linux environment in their browser with Claude Code, Codex, and OpenCode ready to use. When they stop working, the VM freezes itself. When they come back, it wakes up in half a second, exactly where they left off.

Today we’re open-sourcing the whole thing. github.com/bilalba/numavm. Apache 2.0.

Why this matters

Each VM is a real, isolated Linux machine — not a container, not a shared environment. Every developer gets their own filesystem, their own network, full root access. If an AI agent runs rm -rf / or installs something weird, it only affects that one disposable VM. Nobody else’s work is touched. That’s what makes it safe to let agents run with full permissions — the blast radius is one throwaway box.

The VMs use Firecracker, the same technology that powers AWS Lambda. Firecracker creates lightweight virtual machines that boot in under a second and use a fraction of the memory of traditional VMs. That’s how you can run dozens of environments on a single server — each one fully isolated, but without the overhead that would normally require.

What people are using it for

Agent sandboxes for teams. Give each developer isolated VMs where AI coding agents can run unrestricted. --dangerously-skip-permissions is safe when the worst case is nuking a disposable VM.

Hackathons. Spin it up on a server, hand out URLs. Each participant gets a VM with agents ready to go. When they stop hacking, VMs snapshot automatically — sleeping environments cost nothing.

Build your own platform. Fork it, swap the agent stack, add an auth provider, integrate it into something else. It’s Apache 2.0 — do whatever you want with it.

What you get after setup

Open localhost:4002 in your browser. You see a dashboard. Click “new VM.” A Linux environment appears with a web terminal — under one second. Three AI coding agents are pre-installed and ready. If you serve a web app inside the VM, it gets a public URL automatically.

VMs that sit idle for 2 minutes snapshot themselves — frozen to disk, costing no memory. When you open one again, it resumes in under 500ms. You can keep dozens of project environments stored and switch between them like browser tabs.

Setup

You need a Linux machine with hardware virtualization support (/dev/kvm) — a bare metal server or a .metal EC2 instance.

git clone https://github.com/bilalba/numavm.git
cd numavm
sudo ./infra/setup-host.sh        # installs Firecracker, pulls a Linux kernel, sets up networking
./vm/build-rootfs.sh               # builds a small Alpine Linux base image (~1GB)
npm install
export JWT_SECRET=$(openssl rand -hex 32) DEV_MODE=true DATA_DIR=./data ADMIN_EMAIL=you@example.com
npm run dev

Six commands. The host script handles all the infrastructure dependencies. The base image includes Node.js, SSH, git, tmux, and the AI agent CLIs. After this, open the dashboard and start creating VMs.

Open core model

Everything you need for a single server is in the repo — VM orchestration, the web dashboard, authentication, terminal streaming, agent integration, idle snapshots. The full product.

If you’d rather not manage a server, numavm.com runs the same codebase, hosted by us, starting at $8/month. If you need multi-region orchestration across many servers, get in touch about our enterprise offering.

Under the hood

The platform is five TypeScript services on Node.js 22 with a SQLite database.

auth/            :4000  OAuth (GitHub, Google), magic links, JWT
control-plane/   :4001  VM orchestration, lifecycle management, agent bridges
dashboard/       :4002  React 19 + Vite + Tailwind
admin/           :4003  Platform observability
cli/                    SSH and API-driven VM management

Why TypeScript everywhere? One language across every service means anyone can read and modify the whole system. The codebase is small — Fastify 5 on the backend, React 19 on the frontend.

Why SQLite? The real work happens in Firecracker API calls and SSH streams — the database is just storing metadata. A single file holds your entire platform state. Back it up by copying one file.

Auth scales from zero config to production: set DEV_MODE=true for local development (auto-creates a dev user), add GitHub OAuth with two env vars for single-user login, or add Google OAuth for team access with email-based roles.

Caddy sits in front as a reverse proxy for production deployments. Each VM gets its own subdomain (vm-abc123.yourdomain.com) with automatic TLS and authentication gating.

github.com/bilalba/numavm