Guides
Last updated: 2026-06-27
These guides are for doing the work, not memorizing flags. Each one starts with a task, shows runnable commands, and points to the CLI reference when the details matter.
Run things
Section titled “Run things”- Run one-shot commands - boot a microVM, run a command, tear it down. Setup steps, env vars, artifacts, timeouts.
- Keep a persistent workspace - create a named workspace and walk the create, start, halt, connect, delete lifecycle.
- Run a service - run Postgres in a workspace with a published port, a named volume for data, and a restart policy.
Move data
Section titled “Move data”- Use volumes and move data - named volumes, attached disks, tar bundles, and
cpin and out of stopped workspaces. - Deliver secrets - get credentials into the guest without writing them to disk, plus on-demand fetch and the audit log.
Save and share state
Section titled “Save and share state”- Snapshot and fork workspaces - checkpoint a running workspace, restore it in place, or fork copies from one snapshot.
Connect things
Section titled “Connect things”- Networking - give a workspace outbound access and publish a guest port back to the host.
- Allowlist and passthrough egress - confine a workspace to a known set of destinations with
strict, and let cert-pinned endpoints through with passthrough. - Serve microagent over MCP - register
microagent serve mcpin Claude Code or another MCP client and drive workspaces with tools.
Build an agent
Section titled “Build an agent”- Build a simple agent - a one-shot agent that takes a request, calls Claude under operator-supplied constraints, and writes a result.
- Build agents on the mediation channel - the guest-to-host vsock contract: declare it, listen on the host, loop in the agent.