Show HN: Run coding agents in microVM sandboxes instead of your host machine

[phoenixranger]

Hi HN, we built SuperHQ, an open source app that runs AI coding agents in isolated microVM sandboxes instead of directly on your machine. Each agent gets its own VM with a full Debian environment. You mount your projects in, writes go to a tmpfs overlay so your host is never touched, and you get a diff view to accept or discard changes. API keys never enter the sandbox. We also just launched remote.superhq.ai which acts as a remote control for SuperHQ, allowing you to access your workspaces and agents from anywhere.

[goodra7174]

The tmpfs overlay approach is smart — writes never touch the host. We've been solving a related but different problem: running AI agent workloads (not just coding agents) in production Kubernetes clusters where the agents can't make outbound calls at all. Air-gapped environments where the LLM inference runs on-cluster via Ollama or vLLM.

The isolation model is different — instead of protecting the developer's machine, we're protecting the enterprise's network from the agent. NetworkPolicies + FQDN egress control per agent namespace.

Question: how do you handle persistent state across sessions? If the agent needs to remember what it learned from a previous run, does the tmpfs model break that?

[phoenixranger]

thanks! we have checkpoints for that, you can checkpoint a sandbox and fork it to start a new session (checkpointing is a terminal state)

[harshdoesdev]

Hi guys, we are super excited about the launch of remote.superhq.ai - remote control for your dev environment. please do check it out and share your feedback.