Capsa

Cross-Platform

Unified API across Linux (KVM) and macOS (Virtualization.framework). Write once, run on both platforms.

Async-First

Built on Tokio with native async/await support. Integrates seamlessly into modern Rust applications.

Sandbox Mode

Built-in agent for structured command execution and file operations. No console scraping required.

Userspace Networking

Built-in NAT, port forwarding, and network policies with domain-based filtering. Perfect for sandboxing.

Shared Directories

High-performance virtio-fs for sharing files between host and guest. Real-time synchronization.

VM Pools

Pre-warm pools of identical VMs for instant access. Eliminate boot latency in tests and interactive use.

Quick Example

Create a sandbox and run commands in 5 lines:

rust,no_run

// Create a sandbox
let vm = capsa::sandbox()
    .build()
    .await?;

// Connect to the agent
let agent = vm.agent().await?;

// Run commands with structured output
let result = agent.exec("uname").arg("-a").run().await?;
println!("Kernel: {}", result.stdout);
println!("Exit code: {}", result.exit_code);

// Clean shutdown
vm.shutdown().await?;

Use Cases

AI Coding Agents

Run untrusted code in isolated VMs with fine-grained network policies. Allow only specific API endpoints while blocking everything else.

rust,no_run

let policy = NetworkPolicy::deny_all()
    .allow_domain("api.anthropic.com")
    .allow_domain("*.github.com");

let network = VirtualNetwork::with_gateway(
    Gateway::new("10.0.2.0/24").unwrap().policy(policy).unwrap()
);

let vm = capsa::sandbox()
    .network(&network)?
    .run("/bin/agent", &[])
    .build().await?;

let agent = vm.agent().await?;

// Execute untrusted code safely
let result = agent.exec("python").arg("/code/solution.py").run().await?;

Integration Testing

Create sandboxes for isolated test execution. Each test gets a fresh environment.

rust,no_run

let vm = capsa::sandbox()
    .share("./project", "/project", AccessMode::ReadOnly)
    .build()
    .await?;

let agent = vm.agent().await?;

// Run tests in isolation
let result = agent.exec("/bin/sh").args(["-c", "cd /project && cargo test"]).run().await?;
assert_eq!(result.exit_code, 0, "Tests failed: {}", result.stderr);

Sandboxed Environments

Share specific directories with guests while maintaining isolation. Perfect for build environments and code execution.

rust,no_run

let vm = capsa::sandbox()
    .share("./workspace", "/mnt/code", AccessMode::ReadWrite)
    .build().await?;

let agent = vm.agent().await?;

// Build inside the sandbox
let result = agent.exec("make").args(["-C", "/mnt/code"]).run().await?;

Feature	Linux (KVM)	macOS
Sandbox Mode	Supported	Supported
Linux Direct Boot	Supported	Supported
UEFI Boot	-	Supported
virtio-fs Shares	Supported	Supported
Networking	Supported	Supported
VM Sockets (vsock)	Supported	Supported
VM Pools	Supported	Supported

Feature

Linux (KVM)

macOS

Sandbox Mode

Supported

Linux Direct Boot

Supported

UEFI Boot

Supported

virtio-fs Shares

Supported

Networking

Supported

VM Sockets (vsock)

Supported

VM Pools

Supported

CapsaCross-Platform Virtual Machines for Rust

Cross-Platform

Async-First

Sandbox Mode

Userspace Networking

Shared Directories

VM Pools

Quick Example

Use Cases

AI Coding Agents

Integration Testing

Sandboxed Environments

Platform Support

Next Steps

CapsaCross-Platform Virtual Machines for Rust

Cross-Platform

Async-First

Sandbox Mode

Userspace Networking

Shared Directories

VM Pools

Quick Example ​

Use Cases ​

AI Coding Agents ​

Integration Testing ​

Sandboxed Environments ​

Platform Support ​

Next Steps ​

Quick Example

Use Cases

AI Coding Agents

Integration Testing

Sandboxed Environments

Platform Support

Next Steps