machine — one isolated Lima VM per project, for running AI coding agents safely #5073
katspaugh started this conversation in Show and tell
Hi all 👋
I built machine, a small CLI (plus optional macOS GUI) that gives every GitHub project its
own disposable Lima VM — and I wanted to share it here since Lima is doing all the heavy
lifting.
The itch it scratches
I run AI coding agents (Claude Code, Codex) in permissive/auto-approve
mode, and I didn't want them — or any project's dev dependencies — touching my host or
seeing my other projects. So each project gets its own VM: no host filesystem mounts at all,
code is cloned inside the VM over a forwarded SSH agent, and the only thing crossing the
boundary is a set of localhost port-forwards for dev servers.
What's in each VM: Docker, Node, the agent CLIs, gh, signed git (host key via agent
forwarding, never copied in), and opt-in tool profiles per project (Cypress, Supabase +
flyctl, Python, Rust, Go…). Declarative config in a projects.toml:
How it uses Lima
create/start/stop/delete driven by the CLI
machine rebuild reproduces the whole environment from scratch — that's my reproducibility
test
Remote-SSH / Cursor / JetBrains Gateway connect to the VM with zero extra setup
ports) across all project VMs
Lima made this almost embarrassingly easy — the template + limactl surface was all I needed,
and agent forwarding "just works" for signed commits inside the VM. Thanks for the great
tool!
Happy to answer questions, and very open to feedback — especially if I'm holding Lima wrong
anywhere.
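The isolation boundary described in the post (no host mounts, a forwarded SSH agent, loopback-only port forwards) can be expressed as a Lima template fragment like the one below. This is an added example, not machine's own template or anything from the project; the guest port 3000 is an assumed dev-server port, and the image, CPU and memory sections are left to whatever base template is in use.

```yaml
# Added example: Lima template fragment, not taken from the machine project.
# Assumed value: guest port 3000 for a dev server.

# Share no host directories with the guest. For contrast, a template that
# exposes the host home directory read-write would instead contain:
#   mounts:
#   - location: "~"
#     writable: true
mounts: []

ssh:
  # Forward the host's SSH agent so git clone and commit signing work in the
  # guest without a private key being copied in. The key material stays on
  # the host, but processes in the guest can request signatures from the
  # agent while the session is up.
  forwardAgent: true

# Rules are evaluated top to bottom; the first match wins.
portForwards:
# Dev server: guest 127.0.0.1:3000 is reachable on host 127.0.0.1:3000 only.
- guestPort: 3000
  hostIP: "127.0.0.1"
# Override Lima's built-in fallback rule, which would otherwise forward
# every other guest port to the host's loopback interface.
- guestPortRange: [1, 65535]
  ignore: true
```

With this in place, `limactl shell <instance> mount` should list no host-backed filesystems, and only the explicitly forwarded port should answer on the host's loopback interface.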