Run untrusted code in hardened VMs.
Hotcell runs code inside tiny virtual machines. Each execution gets its own kernel, its own memory, its own process tree. The code cannot see or touch the host because it is running on separate virtual hardware.
$ hotcell run alpine -- echo "hello from a VM"
Pulling docker.io/library/alpine:latest...
hello from a VM
$ hotcell run --network inet python:3.12-slim \
-- python3 -c "import urllib.request; \
print(urllib.request.urlopen( \
'http://example.com').status)"
Pulling docker.io/library/python:3.12-slim...
200VM Isolation
Each execution gets its own kernel, memory space, and process tree. Three pluggable VMM backends — libkrun (macOS + Linux), Firecracker (Linux), and Cloud Hypervisor (Linux) — provide hardware-level virtualization. 22 hardening items across host and guest: seccomp BPF with TSYNC, Landlock MAC, 5-namespace isolation, capability dropping, cgroup v2 limits, vsock HMAC-SHA256 authentication, network egress filtering, and fs-verity/dm-verity for rootfs integrity.
OCI Image Support
Pull and run standard Docker/OCI images. No special image format needed — just hardened security for your existing containers.
Real-Time Streaming
Stream console output in real-time via SSE or WebSocket. No waiting for the VM to exit — see output as it happens.
Pluggable Backends
Choose your VMM per-request. libkrun for macOS + Linux with virtiofs and TSI networking. Firecracker for stronger Linux isolation with ext4 block devices. Cloud Hypervisor for Linux with virtio-fs and a REST API over Unix socket.
Dual-Platform
macOS (Apple Silicon via Hypervisor.framework) and Linux (x86_64/aarch64 via KVM). Native hypervisors for zero-overhead performance.
Ready to try Hotcell?
Hotcell is a CLI, Rust library, and HTTP server for running code in hardware-isolated VMs. Three pluggable VMM backends, real-time streaming, and a defense-in-depth security model with 22 hardening items and 127+ tests.