Overview

stereOS runs AI coding agents inside sandboxed Linux VMs. Instead of giving an agent access to your host machine, stereOS boots a disposable VM, injects credentials, and launches the agent — isolated from everything else.

masterblaster (mb) is the CLI that manages everything.

Install

curl -fsSL https://mb.stereos.ai/install | bash

This pipes the installer straight into bash. If you would rather review it first, fetch it to a file with curl, read it, and then run that file with bash.

Run

In a separate terminal, start the daemon:

mb serve

The daemon manages VM processes. Keep it running.

Use

Mixtapes are pre-built VM images with agents included. Pull one to get started:

mb pull opencode-mixtape

Create a jcard.toml in your working directory:

mixtape = "opencode-mixtape:latest"

[[agents]]
harness = "opencode"
prompt = "Hello world!"

The jcard tells mb which mixtape to boot and which agents to run. See the jcard.toml reference for all options.

Then:

mb up    # boot the VM
mb ssh   # connect to it

You’re inside a sandboxed VM with OpenCode running your prompt.

When you’re done, clean up:

mb down
mb destroy
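The steps above, wrapped in a bash script as an added example (this is not code from the stereOS or masterblaster project). It writes the jcard.toml with the prompt escaped as a TOML basic string, then runs mb up and mb ssh under an EXIT trap so that mb down and mb destroy always run afterwards, even when mb up or mb ssh fails. Nothing is left running with injected credentials after the session ends. It assumes only the mb subcommands shown on this page and that they exit non-zero on failure; the MB variable, the function names and the --run flag are the example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of the stereOS/masterblaster docs.
# Assumes only the mb subcommands shown on this page (pull, up, ssh, down,
# destroy) and that they exit non-zero on failure. MB is this script's own
# knob so the wrapper can be pointed at a stub or a non-PATH binary.
set -eu

MB="${MB:-mb}"

# Escape a value for use inside a TOML basic ("...") string: backslashes
# first, then double quotes. Newlines are rejected because a basic string
# must stay on one line, so a prompt cannot break out of the string or
# smuggle in extra TOML keys.
toml_escape() {
  local nl
  nl=$(printf '\nx'); nl=${nl%x}
  case "$1" in
    *"$nl"*) echo "toml_escape: value contains a newline" >&2; return 1 ;;
  esac
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Write a minimal jcard.toml, in the same shape as the one shown above, into DIR.
write_jcard() {
  local dir="$1" mixtape="$2" harness="$3" prompt="$4"
  local m h p
  m=$(toml_escape "$mixtape") || return 1
  h=$(toml_escape "$harness") || return 1
  p=$(toml_escape "$prompt") || return 1
  printf 'mixtape = "%s"\n\n[[agents]]\nharness = "%s"\nprompt = "%s"\n' \
    "$m" "$h" "$p" > "$dir/jcard.toml"
}

# Boot the VM from DIR, attach to it, and tear it down whatever happens next.
# The VM is disposable and holds injected credentials, so it must not outlive
# the session: the EXIT trap runs mb down and mb destroy even when mb up or
# mb ssh fails. The return status is that of the up/ssh step.
run_sandboxed() {
  local dir="$1"
  (
    cd "$dir"
    trap '"$MB" down || true; "$MB" destroy || true' EXIT
    "$MB" up && "$MB" ssh
  )
}

# Usage: ./sandbox.sh --run   (does nothing when sourced or run without --run)
if [ "${1:-}" = "--run" ]; then
  work=$(mktemp -d)
  "$MB" pull opencode-mixtape
  write_jcard "$work" "opencode-mixtape:latest" "opencode" "Hello world!"
  run_sandboxed "$work"
fi
```

Run it with --run from a terminal where mb serve is already running in another window; without --run it only defines the functions, so it can be sourced into a larger script.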

Why a VM?

stereOS uses full virtual machines: not containers, not microVMs. This is a deliberate design choice:

  • Full isolation: each agent gets its own kernel, RAM, disk, and network. The only thing shared with the host is the hypervisor itself.
  • Hardware access: secure boot, FIPS compliance, and GPU passthrough for running local models with ollama or vLLM.
  • Bare metal ready: runs on real hardware, not just under KVM. Critical for self-hosted enterprise deployments.
  • Self-healing infrastructure: agents can run k8s or docker compose, or kick off other agents, inside their own VM with no external platform needed.

MicroVMs (Firecracker, Cloud Hypervisor) strip the virtual hardware down, which means no secure boot, no FIPS, no GPU passthrough, no bare metal support, and no nested virtualization that can be trusted as a security boundary. Full VMs avoid all of that.