aicoolies logo
Lume logo

Lume

macOS and Linux VM runtime for AI agents on Apple Silicon

Share
open-sourceOpen Source
Visit Website →

Lume is an open-source CLI for creating and managing macOS and Linux virtual machines on Apple Silicon, built specifically for AI agent sandboxing, CI/CD pipelines, and desktop automation. Using Apple's native Virtualization.Framework for near-native performance, it provides the missing isolation layer for running coding agents safely — so an accidental destructive command doesn't affect your host machine.

Lume is a VM runtime built by Cua (YC X25) that solves a specific problem for developers on Apple Silicon: running AI coding agents in fully isolated macOS or Linux virtual machines with near-native performance. When you give Claude Code or Codex CLI permission to execute shell commands and modify files, there is always a risk that an agent makes a destructive mistake. Lume provides the safety net — each agent session runs inside its own VM with an independent filesystem, network stack, and system state that can be snapshotted and rolled back instantly.

Built on Apple's native Virtualization.Framework, Lume avoids the overhead of traditional hypervisors and achieves performance that is nearly indistinguishable from running natively. This is a key differentiator from Docker-based sandboxing: Docker cannot run macOS containers, and Linux containers share the host kernel, offering weaker isolation. Lume creates true virtual machines with their own kernel, making it suitable for testing macOS-specific code paths, running CI/CD builds for Apple platforms, and creating disposable development environments. The CLI supports creating, starting, stopping, and snapshotting VMs with simple commands.

The broader Cua platform extends Lume into computer-use agent infrastructure — AI agents that can operate macOS and Linux desktops autonomously for testing, automation, and research. With over 12,900 GitHub stars on the monorepo, MIT licensing, and active development, Lume fills a unique gap in the developer tools landscape. The Show HN launch in January 2026 reached 521 points on Hacker News, confirming strong developer interest in Apple Silicon virtualization for agent sandboxing and CI/CD use cases.

Pricing

Free and open source (MIT). Managed cloud offering in development.

Platforms

macOS on Apple Silicon (M1/M2/M3/M4). Creates macOS and Linux VMs. CLI-based workflow.

Categories

Tags

Use Cases

Alternatives

E2B logo

E2B

Secure cloud sandboxes for AI agents

E2B provides secure cloud sandboxes that let AI agents execute code, run terminal commands, and interact with filesystems in isolated environments. Each sandbox spins up in ~150ms with its own OS, giving agents a safe space to run untrusted code. Supports Python, JavaScript, and any language via custom Dockerfiles. Used by AI coding assistants, data analysis agents, and code interpreters. SDK available for Python and JavaScript with a simple API for programmatic sandbox control.

freemiumOpen Source
Daytona logo

Daytona

Open-source dev environment management with AI integration

Daytona is secure, elastic infrastructure for running AI-generated code in isolated sandboxes. It gives agents and developer workflows programmable environments with dedicated kernel, filesystem, network, vCPU, memory, and disk, backed by OCI/Docker compatibility, SDK/API access, and under-90ms sandbox startup. The project has 72,000+ GitHub stars and is AGPL-3.0 licensed.

open-sourceOpen Source
Microsandbox logo

Microsandbox

Local microVM sandboxes for AI agent code execution

Microsandbox provides hardware-level isolated sandboxes for AI agents to execute code safely on local machines. Using libkrun microVMs and a 320ms bare-metal Linux/KVM homepage benchmark, it offers stronger isolation than Docker containers while staying lightweight enough for dev workstations. OCI-compatible with Python and Node.js runtimes. Apache-2.0 licensed with 6.6K+ GitHub stars.

open-sourceOpen Source

NVIDIA OpenShell

Secure sandboxed runtime for AI agent execution

NVIDIA OpenShell provides kernel-level isolation for AI agent workloads with Landlock, seccomp, and network namespace sandboxing. Announced at GTC 2026 with 17 enterprise partners including Adobe, Atlassian, SAP, and Salesforce, it offers declarative YAML policy enforcement, L7 HTTP inspection, and GPU passthrough — purpose-built to contain the blast radius when autonomous coding agents interact with filesystems and networks.

open-sourceOpen Source

Related Tools

KubeAI

Kubernetes operator for serving AI inference workloads

KubeAI is an Apache-2.0 Kubernetes operator for deploying and scaling AI inference workloads, including LLMs, embeddings, reranking, and speech-to-text. It gives platform teams OpenAI-compatible endpoints, model proxy/controller primitives, model caching, scale-from-zero behavior, and cluster-native resource management for self-hosted inference on Kubernetes.

open-sourceOpen Source

CLIProxyAPI

Self-hosted proxy API for routing AI CLI accounts into OpenAI-compatible endpoints

CLIProxyAPI is an open-source Go proxy server that wraps Gemini CLI, Claude Code, OpenAI Codex, Grok Build, and related CLI account flows behind OpenAI/Gemini/Claude-compatible API endpoints. Use it carefully: it can touch OAuth sessions, auth files, logs, and provider account policies, so production use needs credential and ToS review.

open-sourceOpen SourceTelemetry
OpenHuman logo

OpenHuman

Local-first personal AI agent with memory trees, desktop integrations, and private workspace context.

OpenHuman is an open-source, local-first personal AI agent from TinyHumans. It combines a desktop app, persistent memory trees, Obsidian-compatible storage, OAuth integrations, and local model support into a private assistant harness. It is most interesting for users who want agentic workflows and long-term memory without handing every context detail to a fully cloud-hosted assistant.

open-sourceOpen SourceTelemetry
DenchClaw logo

DenchClaw

Local AI CRM and workflow automation on OpenClaw

DenchClaw is a local AI CRM and workflow automation app built on OpenClaw. It runs on a Mac at localhost, lets users chat with local business data, and focuses on lead enrichment, founder/customer research, and outreach automation. It belongs beside local AI, workflow automation, and OpenClaw-style personal-agent tools rather than pure coding IDEs.

open-sourceOpen Source
Traceway logo

Traceway

OpenTelemetry-native observability with AI tracing, logs, traces, metrics, and session replay — self-hosted in 90 seconds.

Traceway is an open-source, OpenTelemetry-native observability platform that combines logs, traces, metrics, exceptions, session replay, and AI tracing in a single self-hosted system. MIT licensed with no open-core restrictions, it deploys in 90 seconds via Docker Compose and accepts OTLP/HTTP from any OTel SDK without a Collector or per-language vendor SDK.

open-sourceOpen Source
Freestyle logo

Freestyle

Sandboxes for coding agents — Linux VMs, Git, and deploys in one box

Freestyle is YC-backed sandbox infrastructure built for AI coding agents, shipping secure Linux VMs with nested virtualization, Git servers, and one-click web deploys. It lets agents run real workloads, branch repos, and deploy apps under short-lived identities while billing only for active compute. Used in production by vly.ai, Rork, and Vibeflow.

freemium

Used in Stacks

Comparisons