I wanted to test local AI agents (like openclaw) but didn't want to give them raw access to my host machine. I built Mittens to isolate them inside a Firecracker microVM, controlled via a Go/Bubble Tea TUI over vsock.
The stack & what works:
Go TUI is fully async and manages the VM lifecycle.
Bash script auto-compiles a Dockerfile into an ext4 rootfs.
Custom /sbin/init boots the OS and starts the vsock listener in <2s.
Host networking automatically bridges tap0 with NAT routing.
The blocker: The guest listener receives the prompt and executes the Node.js agent, but the process hangs silently forever until my host-side 45s timeout kills it.
I have to pivot back to my project and midterms, so I am completely out of bandwidth to debug headless Linux/Node edge cases.
I'm open-sourcing this as a boilerplate. If you like Go systems engineering, Firecracker, or want to take a crack at the network hang, the code is yours.
x-guo•1h ago
https://github.com/oug-t/mittens
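One way to keep a hang like the one described from being silent, as an added example that is not code from the Mittens repository: a guest-side runner that enforces its own deadline (set below the host's 45s) and returns whatever the child wrote to stderr before it was killed. `runAgent`, `Result` and the `sh` stand-in command are assumptions made for illustration; it does not diagnose the actual cause of the hang.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"os/exec"
	"syscall"
	"time"
)

// Result is a hypothetical reply the guest listener could send back over vsock.
type Result struct {
	Stdout, Stderr string
	TimedOut       bool
	ExitCode       int    // -1 if the child was killed or never started
	Err            string // start or wait error, empty on success
}

// runAgent (hypothetical helper) runs the agent with a guest-side deadline so
// the host receives diagnostics instead of only seeing its own timeout fire.
func runAgent(limit time.Duration, name string, args ...string) Result {
	ctx, cancel := context.WithTimeout(context.Background(), limit)
	defer cancel()
	var out, errb bytes.Buffer
	cmd := exec.CommandContext(ctx, name, args...)
	cmd.Stdin = nil // child reads /dev/null, so it cannot block waiting for input
	cmd.Stdout, cmd.Stderr = &out, &errb
	// Own process group: the deadline kills the agent and anything it spawned.
	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
	cmd.Cancel = func() error { return syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL) }
	cmd.WaitDelay = 2 * time.Second // stop waiting on pipes held by stragglers
	err := cmd.Run()
	res := Result{Stdout: out.String(), Stderr: errb.String(), ExitCode: -1}
	res.TimedOut = errors.Is(ctx.Err(), context.DeadlineExceeded)
	if cmd.ProcessState != nil {
		res.ExitCode = cmd.ProcessState.ExitCode()
	}
	if err != nil {
		res.Err = err.Error()
	}
	return res
}

func main() {
	// Constructed stand-in for an agent that logs once and then hangs.
	r := runAgent(time.Second, "sh", "-c", "echo 'waiting on network' >&2; sleep 30")
	fmt.Printf("timedOut=%v exit=%d stderr=%q\n", r.TimedOut, r.ExitCode, r.Stderr)
}
```

`cmd.Cancel` and `cmd.WaitDelay` require Go 1.20 or later.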