Sandboxes for AI agents.
One command away.
Noid is a lightweight micro-VM orchestration tool for isolating AI agents — with checkpoint and restore built in. Run it on your infrastructure. No vendor lock-in. No per-minute billing.
$ noid create my-vm
VM created: my-vm (running)
$ noid exec my-vm -- echo "Hello from Noid"
Hello from Noid
$ noid console my-vm
noid@noid:~$ exit
$ noid checkpoint my-vm --label before-deploy
Checkpoint created: ckpt_a1b2c3d4The Problem
Hosted sandboxes scale costs, not control
Linear cost scaling.
Hosted VM platforms charge per CPU-hour and per GB-hour. At 100 VMs, you're spending thousands per month for compute you could own.
No infrastructure control.
Your code runs on someone else's machines. No control over data residency, networking, kernel versions, or storage backends.
Vendor lock-in by design.
Proprietary APIs, managed runtimes, opaque billing. Migrating away means rewriting your integration layer.
The Solution
Your VMs. Your hardware. Your rules.
Noid runs isolated sandboxes on any Linux host you control. A single binary manages VM lifecycle, and the CLI talks to it from Linux or macOS. Checkpoint, clone, and restore VMs instantly — with zero-copy snapshots on btrfs.
One-command VMs
noid create spins up a sandbox with networking, serial console, and exec in seconds. No YAML. No manifests. No orchestrator.
Instant checkpoints
Freeze VM state to disk and restore it later — or clone it into a new VM. On btrfs, snapshots are zero-copy.
Run from anywhere
The CLI runs on Linux x86_64, macOS Intel, and macOS Apple Silicon. Manage remote VMs from your laptop over authenticated HTTP.
Built for automation
Multi-tenant with token auth, a REST + WebSocket API, and a TypeScript SDK (@noid/sdk). Build on top of Noid programmatically.
How It Works
Three commands. Full lifecycle.
Create
$ noid create my-vm --cpus 2 --mem 4096
VM created: my-vm (running)
$ noid exec my-vm -- uname -a
Linux noid 6.12.71 #1 SMP x86_64 GNU/LinuxCreate a VM and run commands inside it. Networking, console, and exec are ready immediately.
Checkpoint
$ noid checkpoint my-vm --label before-deploy
Checkpoint created: ckpt_a1b2c3d4
$ noid restore my-vm ckpt_a1b2c3d4 --as my-vm-v2
VM restored: my-vm-v2 (running)Freeze VM state at any point. Restore it or clone it into a new VM. On btrfs, this is instant.
Automate
import { NoidClient } from '@noid/sdk';
const client = new NoidClient({
baseUrl: 'https://noid.example.com',
token: process.env.NOID_TOKEN!,
});
const vm = await client.createVm('agent-sandbox', { cpus: 2, memMib: 4096 });
const result = await vm.exec(['python3', 'run.py']);
const checkpoint = await vm.createCheckpoint({ label: 'done' });Use the TypeScript SDK to integrate Noid into your platform. Every CLI operation is available programmatically.
Comparison
Noid vs. hosted platforms
| Feature | Noid | Hosted Platforms |
|---|---|---|
| Runs on your hardware | Yes | No |
| Pricing model | Free | Per CPU-hour + per GB-hour |
| Data residency | You choose | Provider-controlled |
| Checkpoint/restore | Instant (btrfs zero-copy) | Varies / limited |
| Self-hosted | Yes, single binary | No |
| CLI + SDK | Linux, macOS, TypeScript | Platform-specific |
| Open source | Source available | Partial or closed |
| Vendor lock-in | None | Ecosystem-dependent |
Use Cases
Built for workloads that need isolation
AI Agent Sandboxes
Give each agent its own VM. Execute untrusted code, install packages, checkpoint state between turns. Restore to a known-good state if anything goes wrong.
Coding Sandboxes
Spin up isolated dev environments per user or per session. Instant restore means you can reset to a clean state in milliseconds, not minutes.
Long-Running Workloads
Run background jobs, CI pipelines, or data processing inside VMs with full kernel isolation. Checkpoint progress and resume later.
Dev/Test Environments
Clone a VM at any checkpoint to create parallel test environments. Test against real system state, not mocked containers.
Start in 30 seconds
curl -fsSL https://noid.one/install | shOr download binaries directly from GitHub.
CLI works on Linux, macOS, and Windows WSL. Server requires Linux with KVM support.