What happens when you run code
When you callSmolVM() and run a command, five things happen behind the scenes:
- SmolVM builds or reuses a lightweight Linux image — a published preset such as Ubuntu, or a custom filesystem with your own tools.
- A microVM boots using Firecracker on Linux or QEMU on macOS and Linux.
- A private network is created so the sandbox can reach the internet but is isolated from other sandboxes.
- SmolVM connects to the sandbox — over SSH, or a faster vsock channel when available — to execute your commands and return the output.
- Everything is torn down when you exit the
withblock.
Why microVMs instead of containers
AI agents and applications often need to run code that comes from a language model — Python scripts, shell commands, or browser automation. Running that code directly on your host or inside a container can be risky because containers share the host kernel. SmolVM uses KVM-backed microVMs, which provide hardware-level isolation:- Stronger boundary — each sandbox runs its own kernel, so a breakout would require a hypervisor exploit, not just a kernel vulnerability
- Fast startup — QEMU + vsock published Ubuntu sandboxes reach readiness in under half a second on the latest Linux benchmark
- Low overhead — minimal memory footprint compared to traditional VMs
Key components
SDK (SmolVM class)
The main interface you import in Python. It handles VM lifecycle (create, start, stop, delete), command execution via vm.run(), auto-configuration so you can get started with zero config, and reconnection to existing sandboxes via SmolVM.from_id().
CLI (smolvm command)
A terminal interface for creating sandboxes, starting browser sessions, running diagnostics, and managing snapshots. Useful for scripting, debugging, and quick exploration.
Network layer
Each sandbox gets a dedicated TAP device, a private IP address in the172.16.0.0/16 range, and automatic NAT for outbound connectivity. Sandboxes are isolated from each other by default.
State store
SmolVM tracks sandbox metadata, network assignments, and process state in a local SQLite database at~/.local/state/smolvm/smolvm.db. This lets you reconnect to running sandboxes across Python sessions.
Image builder
Builds Alpine Linux root filesystems with SSH pre-configured. You can also create custom images with your own tools and dependencies baked in.Resource defaults
Performance
Latest QEMU published Ubuntu medians (p50) on a Linux KVM host:Next steps
- Learn about the security model
- Understand backend options (Firecracker vs. QEMU)
- Configure networking
