SuperHQ Puts Coding Agents Inside Local microVM Sandboxes


SuperHQ is an early open source app for running AI coding agents in isolated local microVMs, with diff review and an auth gateway that keeps API keys out of the sandbox.

SuperHQ is an early alpha app for running AI coding agents inside isolated local microVMs instead of directly on a developer's host machine. The GitHub repository describes support for Claude Code, OpenAI Codex, and custom agents, with full terminal access, a unified diff review panel, and a host-side auth gateway for credentials. The Hacker News launch thread adds a useful signal: developers are specifically discussing tmpfs overlays, checkpointing, and how agent isolation should handle persistent state.

Key takeaways

  • SuperHQ is open source under AGPL-3.0 and built with Rust plus GPUI.
  • Each workspace runs in an isolated VM with its own filesystem, networking, and resource limits.
  • The app mounts projects into the VM while routing writes through an overlay, then shows changes for review.
  • SuperHQ's README says real API keys and OAuth tokens stay outside the sandbox through a host auth gateway.
  • The project warns that it is a very early alpha and not ready for production use.

Practical LinkLoot angle

SuperHQ is useful as a pattern even if you do not adopt it today: run risky coding agents away from the host, keep secrets out of the execution environment, and make the human review a diff-based checkpoint instead of a vague chat transcript. That matters for teams testing autonomous refactors, migration agents, or "danger mode" coding tools on real repositories.

| Tool path | Best use | Limitation | Source |
|---|---|---|---|
| SuperHQ | Local agent workspaces with VM isolation and diff review | Very early alpha; macOS-focused setup details | GitHub |
| Shuru runtime | Lower-level local microVM sandbox layer | Separate evaluation needed before relying on it | GitHub context |
| Plain worktree sandboxing | Quick branch-level isolation | Does not isolate tokens, network, or runtime side effects | LinkLoot analysis |

For a low-risk trial, point SuperHQ at a disposable repository first. Run a small agent task, inspect whether writes stay inside the expected overlay, confirm that the diff panel catches generated files, and verify that credentials are not visible inside the sandbox shell. Do not start with a private production repo or broad API credentials.

What to verify before you act

Start with platform fit. The repository includes macOS setup notes, Gatekeeper caveats, and runtime download requirements, so Linux or team-wide deployment may need separate validation.

Check the alpha warning. The maintainers explicitly say to expect rough edges, missing features, and breaking changes. Treat it as an evaluation candidate, not a compliance-ready control.

Test the auth gateway model with throwaway credentials. The core security claim is that agents never see real API keys or OAuth tokens, so verify environment variables, shell history, process output, and outbound requests before trusting the boundary.
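
One way to run part of that check, as an added example that is not code from SuperHQ or its README: a POSIX shell function to run inside the sandbox shell after giving the host gateway a throwaway key. It looks for that key's value in the current environment, in other processes' environments via /proc (this assumes a Linux guest), and in files under the directories you name, such as the home directory that holds shell history. The function name and the directory choices are assumptions, and outbound requests are not inspected.

```shell
#!/bin/sh
# Added example: search the sandbox for a throwaway ("canary") credential value.
# Usage inside the sandbox. Read the value at a prompt so that typing it
# does not itself land in shell history, and do not export it:
#   read -r c && find_canary "$c" "$HOME" /tmp
#
# Prints one line per place the value is visible.
# Returns 0 when nothing was found, 1 when the value leaked into the sandbox.
find_canary() {
    canary=$1; shift
    found=$(
        # 1. Environment variables of the current shell.
        if env | grep -qF -- "$canary"; then
            echo "env: current shell environment"
        fi
        # 2. Environments of other readable processes (assumes a Linux /proc).
        for f in /proc/[0-9]*/environ; do
            [ -r "$f" ] || continue
            if tr '\0' '\n' 2>/dev/null < "$f" | grep -qF -- "$canary"; then
                echo "proc: $f"
            fi
        done
        # 3. Files under the given directories: shell history, agent configs,
        #    logs, and anything the agent wrote into the mounted project.
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            grep -rlF -- "$canary" "$dir" 2>/dev/null | sed 's/^/file: /'
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

A clean result only covers the places scanned; run it again after the agent has made at least one authenticated request, since that is when a real token would first be needed.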

FAQ

SuperHQ is an open source app for running AI coding agents inside isolated local microVM workspaces.
