Cloud computers, instantly.

boxd gives you and your team instant Linux machines in the cloud. Persistent, isolated, and ready in under a second.

$ ssh boxd.sh

Welcome back, hiddensalmon!

You have 4 VMs:

- bright-sun

- quick-fox

- warm-tide

- keen-mint

boxd>

What is boxd?

boxd gives you real Linux machines in the cloud. They boot in under a second. They persist. Your files, your packages, your running services are still there tomorrow. And every machine is fully isolated in its own virtual machine, not a container sharing a kernel. You SSH in and you have a computer.

$ ssh boxd.sh

boxd> new --name=my-app

✓ my-app created

boxd> connect my-app

boxd@my-app:~$

That's it. No CLI to install, no dashboard, no setup wizard. Your SSH key is your identity.

Think about what that opens up. You can spin one up to try something, close your laptop, and come back tomorrow. It's still there. You can fork a fully configured machine for a new hire — including your entire stack, already running — and they're productive in minutes, not days. You can give a box to an AI agent and let it work through the night with your full codebase and toolchain. It can fork a machine to explore two approaches at once, without it ever being limited. Keep the one that works, throw the other away. You can embed them in your product so your users can run code in a safe, isolated environment. You can create hundreds of them and pay nothing when they're idle.

Every machine has a public URL the moment it starts. You don't build, push, and deploy to show someone what you're working on. You send them the link. Need a teammate to see your branch? Fork your machine and share it. Need to demo something to a client? It's already live. The gap between “working on it” and “other people can see it” does not exist anymore.

Every machine is a real VM with its own kernel. That means it's safe to run anything. Your team's code, AI-generated code, code from your users. What happens inside one machine can never affect another.

And because boxd is self-hosted, it runs on your infrastructure. Your cloud, your bare metal, your region. No data leaving your environment. Just a single binary with zero external dependencies. No Postgres, no Redis, no Kubernetes.

A real computer. Instant, persistent, isolated. For every developer, every agent, and every workload that needs one.

For developers

Spin up identical environments for your whole team. Persistent across sessions, accessible from any device.

For AI agents

Give agents a real machine with your codebase and tools. No session limits, no lost work.

For your product

Run untrusted code safely via API. Hardware-isolated, self-hosted, on your terms.

What can you use it for?

Three common ways teams use boxd.

Dev Environments

Production-grade environments. Ready in seconds.

Every new hire spends their first days fighting dependencies instead of shipping code. Every OS update risks breaking someone's setup. No two machines on your team are exactly the same. Your engineers spend time on tooling instead of product.

Configure one golden image with your full stack. Every developer forks it and gets an identical, running environment in seconds.

No drift, ever. "Works on my machine" stops being a conversation. Close your laptop Friday, open it Monday. Everything is exactly where you left it.
Shareable by default. Every machine has a public URL. Fork yours to show a teammate what you're working on. SSH in from any device.
Zero cost when idle. Machines sleep when nobody is using them. Wake up in seconds when they come back.

Read the deep dive →

$ ssh boxd.sh fork production-stack --name=sarah

✓ sarah created (1.4s)

Docker, nginx, Postgres, Redis, your app. All running.

$ ssh boxd.sh connect sarah

boxd@sarah:~$ docker ps

app-web Running :3000

app-api Running :8080

postgres-14 Running :5432

redis Running :6379

nginx Running :443

Background Agents

Let agents ship code while your team sleeps.

You want AI agents fixing bugs, writing tests, refactoring modules. But where do they actually run? On a developer's laptop, it blocks the developer. In CI, the agent starts from scratch every time. Most sandboxes kill sessions after an hour. Real work takes longer than that.

Fork a fully configured machine for each agent. It gets your codebase, your toolchain, your test suite. It works until the job is done.

No setup, ever. The agent starts where a developer would. Full stack, running services, real data. No Dockerfile, no bootstrap script, no 20-minute CI spin-up.
No time limits. Some bugs take three hours. The machine works as long as the agent needs, then sleeps. Zero cost until the next task.
Parallel exploration. Fork a machine to try two fixes at once. The agent branches your infrastructure like it branches your code. Compare results, merge the winner.

Read the deep dive →

$ ssh boxd.sh fork dev-env --name=agent-fix-42

✓ agent-fix-42 created (0.9s)

$ ssh boxd.sh exec agent-fix-42 -- claude \

-p "Fix the auth timeout bug in issue #42. Run the test suite when done."

3 hours later...

✓ Found root cause in session middleware

✓ Fixed token refresh logic

✓ All 847 tests passing

✓ PR ready for review

Machine sleeping. $0.00/hr until next task.

Agentic Sandboxing

The current sandboxing options are not good enough.

You are building a product that runs code from users or AI models. You looked at the market. Daytona runs your code in privileged Docker containers. Shared kernel. One escape and every sandbox on that node is exposed. E2B uses proper VM isolation, but sessions cap at 24 hours, persistence is bolted on, and self-hosting requires Postgres, ClickHouse, Redis, Nomad, and Consul. Both advertise sub-100ms cold starts. Real-world benchmarks show 400-600ms.

boxd is a different architecture. Every execution gets its own KVM virtual machine. Dedicated kernel, dedicated filesystem, dedicated network stack. No containers. No shared anything.

Real isolation. Not Docker with compliance certs. Not containers with "privileged" in the config. Each machine runs its own kernel. A container escape is an industry-wide event. A VM escape is a research paper.
Persistent by default. Machines do not die after 24 hours. They work as long as they need to, sleep when idle, wake where they left off. Persistence is the architecture, not an afterthought.
Self-hosted without the stack. No Postgres. No ClickHouse. No Consul. No Nomad. Runs on your infrastructure as a single system. Your code stays on your network.

Get in touch →

your product's backend

POST /api/v1/machines

{ "image": "python-sandbox", "timeout": 30 }

✓ machine-a8f3 ready (0.8s)

Isolated: own kernel, own filesystem, own network

POST /api/v1/machines/a8f3/exec

{ "code": "import pandas as pd; print(pd.read_csv('data.csv').describe())" }

200 OK (2.1s)

Output returned. Machine destroyed. Host untouched.

How it works

boxd is a distributed system built from scratch in Rust. A cluster has four node types: control (placement, auth, IP allocation), worker (KVM virtual machines), proxy (SSH + TLS termination), and DNS. All participate in a single Raft consensus cluster.

One process per VM

Each VM runs as its own OS process managing a KVM virtual machine. If the supervisor crashes, VMs keep running. When it comes back, it reconnects through Unix sockets. No cold restart, no boot storm.

No database. No message queue.

Raft consensus eliminates the need for a separate database cluster, message broker, service discovery, or distributed lock manager. Every node has a complete, consistent replica of state. Reads are always local and always fast.

Self-hostable

The entire system runs on your own hardware. Minimum viable cluster is a single node. Production is typically 3 control + 2 workers + 2 proxies + DNS. Adding capacity means bringing up a new worker and pointing it at the cluster.

RustKVMRaft consensuseBPFCopy-on-writeUbuntu 24.04SSHgRPCProtobuf

Read the full technical deep dive →

Try it now

No signup. No install. Just SSH.

$ ssh boxd.sh

Built by Azin Tech in Amsterdam. Open for early access.