{"slug": "show-hn-mitos-n-way-live-copy-on-write-fork-of-running-firecracker-microvms", "title": "Show HN: Mitos – N-way live copy-on-write fork of running Firecracker microVMs", "summary": "Mitos, an open-source runtime for AI agents on Kubernetes, launches with N-way live copy-on-write fork of Firecracker microVMs, achieving warm-claim activation in tens of milliseconds. The tool provides isolated, forkable sandboxes that restore from memory snapshots, enabling parallel agent attempts with durable workspaces. Mitos is self-hostable on any Kubernetes cluster with KVM nodes or available as a managed service.", "body_md": "**Millisecond microVM sandbox forking for AI agents on Kubernetes.**\n\nIsolated, forkable computers for your agents: Firecracker microVMs that restore from memory snapshots in milliseconds, fork into parallel attempts, and persist durable workspaces.\n\n[Documentation](/mitos-run/mitos/blob/main/docs) · [Quickstart](#quickstart) · [Architecture](#architecture) · [Comparison](#comparison) · [Contributing](/mitos-run/mitos/blob/main/CONTRIBUTING.md)\n\nAgent harnesses need fast, isolated environments where agents can read and write files, install packages, and run untrusted code. Every existing option forces a trade you should not have to make: speed without ownership, isolation without forking, Kubernetes-nativeness without warm starts, or durability as someone else's proprietary cloud.\n\n`mitos` is, as far as we know, the only open-source, self-hostable, Kubernetes-native runtime whose engine does N-way live copy-on-write fork of a running microVM, and it does so with a **warm-claim activate in the tens-of-ms class**: P50 ~27 ms on the bare-metal reference node, reproducible from [bench/husk-activate-latency.sh](/mitos-run/mitos/blob/main/bench/husk-activate-latency.sh). 
You drive the whole lifecycle through declarative CRDs (`mitos.run`) on your own cluster, or fully hosted by us. Two ways to run it:\n\n- **Self-hosted**: any Kubernetes cluster with KVM nodes. Your data never leaves your infrastructure. Bare metal (Hetzner + Talos is the reference platform) is a first-class target.\n- **Hosted**: a managed service operated by us, same engine and same API, for teams that want milliseconds without managing nodes.\n\nLive N-way CoW fork runs on the husk pod-native default: the source husk pod snapshots its running VM and N child husk pods restore it via CoW, each an independent Ready child, verified on a real KVM cluster. The raw-forkd engine path, where forkd's in-process engine owns the running VM, also forks. Warm-claim activate, blocking exec, `run_code` fail-closed, self-heal, autoscale, live fork, and durable forkable workspaces are all verified on the husk default on a real KVM cluster.\n\n```python\nfrom mitos import AgentRun\n\nc = AgentRun()                                   # kubeconfig or in-cluster; autodetected\n\n# One-liner: a lazy default pool is created for the image if you have none.\nsb = c.sandbox(\"python\", ready=True)             # claims a warm sandbox, waits Ready\nresult = sb.exec(\"python -c 'import numpy as np; print(np.mean([1,2,3,4,5]))'\")\nprint(result.stdout)                             # 3.0\n\n# Fork the running sandbox to try two approaches against shared warmed state.\n# Live fork runs on the husk pod-native default and the raw-forkd engine path;\n# each child is an independent Ready sandbox.\nfork_a, fork_b = sb.fork(2)\nfork_a.exec(\"python -c \\\"open('/workspace/plan_a.txt','w').write('conservative')\\\"\")\nfork_b.exec(\"python -c \\\"open('/workspace/plan_b.txt','w').write('aggressive')\\\"\")\n\nsb.terminate()\n```\n\n`c.sandbox(\"python\")` lazily creates a default pool `mitos-default-python` (a SandboxTemplate plus a SandboxPool) if you have none; pass 
`pool=\"my-pool\"` to use an existing pool, which never creates anything. Errors raise `AgentRunError(code, cause, remediation)`.\n\nThe async client (`AsyncAgentRun`) mirrors the hot paths and adds `create_pty()` for an interactive terminal over WebSocket.\n\n```js\nimport { AgentRun } from \"@mitos/sdk\";\n\nconst run = new AgentRun();                       // direct or cluster mode\n\nconst sb = await run.sandbox(\"python\", { ready: true });\nconst result = await sb.exec(\"python -c 'print(40 + 2)'\");\nconsole.log(result.stdout);                        // 42\n\nconst reconnected = await run.fromName(sb.name);   // durable reconnect handle\nawait sb.terminate();\n```\n\nThe TypeScript SDK (`@mitos/sdk`) exposes the same one-liner `sandbox(image)`, `fromName` reconnect, streaming exec, and a server-envelope-aware `AgentRunError`. Parity table in [sdk/typescript/README.md](/mitos-run/mitos/blob/main/sdk/typescript/README.md).\n\n```sh\ngo build -o mitos ./cmd/mitos/\n\nmitos sandbox create --pool dev-default\nmitos run echo hello --pool dev-default\nmitos sandbox ls\n```\n\n`mitos dev up` brings up a one-command local control plane on a mock engine. An MCP server (`mitos-mcp`) exposes sandboxes as MCP tools so any MCP-speaking agent can use them with zero SDK integration. 
See [docs/cli.md](/mitos-run/mitos/blob/main/docs/cli.md) and [docs/mcp.md](/mitos-run/mitos/blob/main/docs/mcp.md).\n\n```python\n# Streaming exec: callbacks fire per chunk; the ExecResult still carries the aggregate.\nsb.exec(\"pip install rich\", on_stdout=lambda b: print(b.decode(), end=\"\"))\n\n# Stateful code interpreter: state persists across run_code calls for the sandbox lifetime.\nex = sb.run_code(\"import pandas as pd; df = pd.DataFrame({'x':[1,2,3]}); df.describe()\")\nprint(ex.text)            # the REPL's last value, rendered\nfor r in ex.results:      # rich multi-MIME display artifacts (tables, images, ...)\n    print(r.mime)\n# run_code returns a KernelUnavailable error until the kernel ships in the husk base image.\n\n# Detach a long-running process and keep working.\nsb.exec_background(\"python train.py > /workspace/train.log 2>&1\")\n```\n\nStreaming exec (`/v1/exec/stream`) and the interactive PTY (`/v1/pty`) require the raw-forkd path or a husk template snapshot rebuilt with the current guest agent: the agent baked into today's husk template snapshot predates the vsock streaming/PTY frame protocol, so on the husk default the stream and the PTY WebSocket close early. Blocking exec (`/v1/exec`) is unaffected and works on the husk default. The husk template guest-agent rebuild is a tracked follow-up ([#24](https://github.com/mitos-run/mitos/issues/24)).\n\n```sh\nkubectl apply -k deploy/\n```\n\nThe self-contained kustomize base installs the CRDs, the controller in the default husk mode, the forkd builder DaemonSet, the `/dev/kvm` device plugin, and the PKI bootstrap, and applies on a real KVM node with no manual patches. Nodes need `/dev/kvm` and the label `mitos.run/kvm=true`; the controller discovers forkd pods automatically. 
A Helm chart is planned ([#37](https://github.com/mitos-run/mitos/issues/37)).\n\n```yaml\napiVersion: mitos.run/v1alpha1\nkind: SandboxTemplate\nmetadata:\n  name: python-agent\nspec:\n  image: python:3.12-slim\n  init:\n    - \"pip install numpy pandas requests\"\n  resources:\n    cpu: \"1\"\n    memory: \"512Mi\"\n  volumes:\n    - name: workspace\n      size: 5Gi\n      forkPolicy: Snapshot\n---\napiVersion: mitos.run/v1alpha1\nkind: SandboxPool\nmetadata:\n  name: python-agent-pool\nspec:\n  templateRef:\n    name: python-agent\n  replicas: 10\n---\napiVersion: mitos.run/v1alpha1\nkind: SandboxClaim\nmetadata:\n  name: agent-session-1\nspec:\n  poolRef:\n    name: python-agent-pool\n  secrets:\n    - name: anthropic-key\n      secretRef:\n        name: agent-secrets\n        key: ANTHROPIC_API_KEY\n---\napiVersion: mitos.run/v1alpha1\nkind: SandboxFork\nmetadata:\n  name: parallel-attempt\nspec:\n  sourceRef:\n    name: agent-session-1\n  replicas: 3\n  allowSecretInheritance: true   # forks duplicate memory; opt in knowingly\n```\n\nEach row is honest about where it runs. 
The husk pod-native path is the DEFAULT; items that run on the raw-forkd engine path but are not yet wired on the husk default are marked.\n\n| Capability | What you get | Docs |\n|---|---|---|\n| Warm-claim activate | P50 ~27 ms on the bare-metal reference node (snapshot load + fork-correctness handshake + guest-ready, integrity gate enforced); ~6-16 ms snapshot restore; ~3 MiB marginal memory per forked sandbox via CoW page sharing |\n|\n\n`init`\n\nsteps before snapshotting, so there is no cold start on claim[docs/templates.md](/mitos-run/mitos/blob/main/docs/templates.md)[docs/metering.md](/mitos-run/mitos/blob/main/docs/metering.md)[docs/snapshot-distribution.md](/mitos-run/mitos/blob/main/docs/snapshot-distribution.md)| Capability | What you get | Docs |\n|---|---|---|\n| Hardware isolation per session | A dedicated kernel per sandbox (KVM/Firecracker); the husk default runs each VM in its own unprivileged, PSA-restricted pod, which IS the per-VM boundary |\n|\n\n[docs/threat-model.md](/mitos-run/mitos/blob/main/docs/threat-model.md)[docs/threat-model.md](/mitos-run/mitos/blob/main/docs/threat-model.md)`--enable-encryption`\n\n, fail-closed); HSM-backed keys and per-workspace scope are follow-ups[docs/encryption.md](/mitos-run/mitos/blob/main/docs/encryption.md)[docs/networking.md](/mitos-run/mitos/blob/main/docs/networking.md)| Capability | What you get | Docs |\n|---|---|---|\n| Blocking exec | Correct stdout and exit code over the sandbox API; works on the husk default |\n|\n\n[#24](https://github.com/mitos-run/mitos/issues/24))[#24](https://github.com/mitos-run/mitos/issues/24)`run_code`\n\nwith a stateful kernel and rich multi-MIME results, in both SDKs and the MCP server; fail-closed `KernelUnavailable`\n\nuntil the kernel ships in the husk base image[docs/mcp.md](/mitos-run/mitos/blob/main/docs/mcp.md)`{code, cause, remediation}`\n\n, parsed by both SDKs into a structured 
`AgentRunError`\n\n[#28](https://github.com/mitos-run/mitos/issues/28)`sandbox(image)`\n\n, lazy default pool, `from_name`\n\nreconnect, and async Python client; plus the `mitos`\n\nCLI and an MCP server[docs/cli.md](/mitos-run/mitos/blob/main/docs/cli.md)| Capability | What you get | Docs |\n|---|---|---|\n| Declarative CRDs | `SandboxTemplate` , `SandboxPool` , `SandboxClaim` , `SandboxFork` with volume topology and fork behavior |\n|\n\n`/dev/kvm`\n\nfrom a device plugin, not `privileged`\n\n), so CPU/memory requests are scheduler truth and PSA governs the pod[docs/threat-model.md](/mitos-run/mitos/blob/main/docs/threat-model.md)`MaxSandboxes`\n\nhost-DoS ceiling with atomic slot reservation, and typed `NoCapacity`\n\nbackpressure instead of OOMing a node[docs/scheduling.md](/mitos-run/mitos/blob/main/docs/scheduling.md)`SandboxPool.spec.autoscale`\n\nscales the dormant husk-pod count to `clamp(inUse + targetSpare, minWarm, maxWarm)`\n\nwith an anti-thrash cooldown; a fixed pool is just `minWarm == replicas`\n\n[docs/scheduling.md](/mitos-run/mitos/blob/main/docs/scheduling.md)[docs/failure-gc.md](/mitos-run/mitos/blob/main/docs/failure-gc.md)| Capability | What you get | Docs |\n|---|---|---|\n| Durable forkable workspaces | `Workspace` /`WorkspaceRevision` CRDs: durable, versioned, forkable agent state independent of any sandbox; `/workspace` hydrates on start and a committed revision dehydrates on terminate over the content-addressed store. Verified end to end on a real KVM cluster: create -> commit -> fork, where the forked sandbox reads the committed state |\n|\n\n`spec.outputs`\n\nnarrows the dehydrate to listed subtrees; a `{diff: true}`\n\noutput records a content-hash diff against the parent head[docs/workspaces.md](/mitos-run/mitos/blob/main/docs/workspaces.md)`{git}`\n\noutput pushes per-attempt branches to a rendezvous remote (git is the merge layer; the engine pushes, a human/CI merges). 
On the husk path the push is currently best-effort; fully wiring it is tracked [#21](https://github.com/mitos-run/mitos/issues/21)| Capability | What you get | Docs |\n|---|---|---|\n| Metrics and tracing | Node and controller Prometheus metrics, a per-claim OpenTelemetry trace (`--otlp-endpoint` ), and a toggleable structured audit log (`--audit-log` ) recording command/path and byte counts, never content or secrets |\n|\n\n[docs/metering.md](/mitos-run/mitos/blob/main/docs/metering.md) `kubectl sandbox` plugin (`ls` / `ps`) and the operational `GET /v1/metering` report [docs/observability.md](/mitos-run/mitos/blob/main/docs/observability.md) [docs/platforms/talos-hetzner.md](/mitos-run/mitos/blob/main/docs/platforms/talos-hetzner.md)\n\n```mermaid\nflowchart TB\n  subgraph SDKs[\"SDKs and surfaces\"]\n    PY[\"Python SDK\"]\n    TS[\"TypeScript SDK / @mitos/sdk\"]\n    CLI[\"mitos CLI / mitos-mcp\"]\n  end\n\n  subgraph CP[\"Kubernetes control plane\"]\n    CRD[\"SandboxTemplate -> SandboxPool -> SandboxClaim / SandboxFork / Workspace\"]\n    CTRL[\"controller (Deployment): reconciles CRDs, picks nodes, calls forkd over gRPC\"]\n    CRD --> CTRL\n  end\n\n  subgraph NODE[\"KVM-capable node\"]\n    FORKD[\"forkd (DaemonSet): builds snapshots, forks via CoW restore, bridges exec/files to the guest over vsock\"]\n    subgraph PODS[\"husk pods (DEFAULT): one unprivileged pod per VM\"]\n      VM1[\"VM + guest agent (PID 1)\"]\n      VM2[\"VM + guest agent (PID 1)\"]\n      VM3[\"VM + guest agent (PID 1)\"]\n    end\n    FORKD --> PODS\n  end\n\n  SDKs -->|HTTP /v1| FORKD\n  CTRL -->|gRPC| FORKD\n```\n\nData paths:\n\n- **Claim path**: the controller selects a node, calls forkd `Fork` over gRPC; the claim status endpoint is forkd's HTTP API on that node.\n- **Exec path**: SDK -> forkd HTTP API -> vsock -> guest agent (PID 1 inside the VM).\n\nSandboxes are not pods. 
Pod-scoped Kubernetes mechanisms (NetworkPolicy, ResourceQuota, PSA) govern the husk pod, not the workload inside the microVM; where we provide an equivalent, it is documented as ours. The sandbox is the VM, not the husk pod.\n\nOne command brings up a local kind cluster running a mock control plane, then the `mitos` CLI drives the full claim path:\n\n```sh\ngo build -o mitos ./cmd/mitos/\n\ndocker build -f Dockerfile.controller -t mitos-controller:ci .\ndocker build -f Dockerfile.forkd -t mitos-forkd:ci .\nkind create cluster --name mitos-dev --config hack/kind-config.yaml\nkind load docker-image mitos-controller:ci --name mitos-dev\nkind load docker-image mitos-forkd:ci --name mitos-dev\n\n./mitos dev up --skip-cluster-create\n./mitos sandbox create --pool dev-default   # reaches Ready on the mock engine\n./mitos sandbox ls\n./mitos run echo hello --pool dev-default\n./mitos dev down\n```\n\nThe local dev cluster uses the mock fork engine (no KVM): claims reconcile to `Ready` and control-plane dispatch works, but a real in-VM `exec` needs a node with `/dev/kvm`. For the no-cluster REST loop, run `go run ./cmd/sandbox-server --mock --addr :8080` and use the Python SDK (`sdk/python`). See [docs/cli.md](/mitos-run/mitos/blob/main/docs/cli.md).\n\nA numbers table belongs here only when our benchmark harness can regenerate it against the actual competitors on the same hardware, with scripts in this repo so anyone can reproduce or refute it. That harness is [#15](https://github.com/mitos-run/mitos/issues/15). 
The differentiator is not a single fastest-number claim: `mitos` is, as far as we know, the only open-source, self-hostable, Kubernetes-native runtime whose engine does N-way live copy-on-write fork of a running microVM, with a warm-claim activate in the tens-of-ms class (P50 ~27 ms, reproducible from [bench/husk-activate-latency.sh](/mitos-run/mitos/blob/main/bench/husk-activate-latency.sh)).\n\nThe figures below are **other vendors' published numbers, for different operations, on different hardware, measured with different methodology**; they are NOT measured by us and this is NOT a head-to-head claim. The matched-hardware comparison is [#15](https://github.com/mitos-run/mitos/issues/15).\n\n| Runtime | Published figure (theirs, not ours) | Operation they describe |\n|---|---|---|\n| mitos (ours, measured) | ~27 ms P50 | warm-claim activate (snapshot load + fork-correctness handshake + guest-ready) on the bare-metal reference node |\n| E2B | ~150 ms | sandbox create |\n| Daytona | sub-90 ms | create from snapshot |\n| Modal | sub-second | sandbox create |\n| CodeSandbox SDK | ~863 ms / ~495 ms | live fork / memory-resume |\n| Fly Machines | < 1 s | machine start |\n\nWhat is comparable and real today is the qualitative Pareto map: the combination of open source, self-hostable, k8s-native, and live snapshot fork is the axis where `mitos` is alone.\n\n| Axis | mitos | E2B | Modal | Daytona | Morph | Cloudflare | Box | Agent Sandbox | Kata/KubeVirt | raw Firecracker |\n|---|---|---|---|---|---|---|---|---|---|---|\n| Hardware isolation per session | KVM microVM | microVM | gVisor | container/VM | microVM | V8 isolate | VM | Kata option | KVM | KVM |\n| Snapshot fork of running state | yes, core primitive | snapshot/resume | memory snapshots | no | yes (Infinibranch) | no | disk fork | no | no | build it yourself |\n| Warm-pool millisecond claims | yes (design center) | warm pools | warm pools | workspaces | yes | instant isolates | not published | 1-3s cold | 
seconds | build it yourself |\n| Durable forkable workspaces | Workspace CRD | no | volumes | workspaces | yes, proprietary | yes (disk) | no | PVCs | PVCs | no |\n| Kubernetes-native API | CRDs | SaaS API | SaaS API | SaaS/OSS | SaaS API | SaaS API | agent-native CLI | CRDs | CRDs | no |\n| Self-hostable | yes, any KVM cluster | partial OSS | no | OSS core | no | no | no | yes | yes | yes |\n| Hosted option | planned (same engine) | yes | yes | yes | yes | yes | yes (only) | no | no | no |\n| Your data stays on your infra | yes (self-hosted) | no | no | partial | no | no | no | yes | yes | yes |\n| Open source | Apache 2.0 | partial | no | partial | no | no | no | Apache 2.0 | Apache 2.0 | Apache 2.0 |\n\nSaaS runtimes (E2B, Modal, Daytona, Cloudflare) are fast but your agents' code, data, and credentials run on someone else's infrastructure with no self-host path at equivalent capability. Morph built the right state model (branch/restore) as a proprietary cloud, and our Workspace primitive targets the same semantics open source at fork(2) speeds. Box is a hosted-only disk-fork sandbox SaaS with an agent-native CLI, which validates the agent-native direction we take with `mitos` and MCP (Box publishes no latency benchmark, so we make no comparison claim there). Agent Sandbox (k8s-sigs) is winning the Kubernetes API standard without a snapshot-fork engine, which is why we ship a conformance facade (`cmd/facade`) to be its fastest backend rather than fighting it ([docs/facade-conformance.md](/mitos-run/mitos/blob/main/docs/facade-conformance.md)). Kata, KubeVirt, and raw Firecracker give you the isolation primitive and leave the pool, fork, distribution, and agent-API layers as your problem.\n\nIf an alternative beats us on an axis you care about and we have no roadmap line that closes it, that is a bug in our strategy: open an issue.\n\nEarly development, pre-1.0 (latest release `v0.3.0`). 
Do not run untrusted code with this project in production yet: there has been no external security review, and some isolation controls remain open (see the threat model). Husk network egress is now verified end to end on a real KVM cluster: the in-pod default-deny filter, the cloud-metadata (169.254.169.254) block, and the per-template allowlist are all proven inside a restored VM, with no node prerequisite. See [docs/threat-model.md](/mitos-run/mitos/blob/main/docs/threat-model.md) for the exact per-boundary status. The control plane is real end-to-end (claim to running sandbox, proven in CI against mock engines and real Firecracker VMs, and exercised on a single-node Talos KVM cluster).\n\n**Husk-default scope, verified on a real KVM cluster:** warm-claim activate, blocking exec (`/v1/exec` with correct stdout and exit code), `run_code` failing closed with a clean `KernelUnavailable` (the husk base image lacks the kernel), self-heal / re-pend, pool warming plus demand autoscaling, live `SandboxFork` (the source husk pod snapshots its running VM and N child husk pods restore it via CoW, each an independent Ready child), durable forkable workspaces (create -> commit -> fork where the forked sandbox reads the committed state, hydrate/dehydrate of `/workspace` over the content-addressed store), and pod egress isolation (an in-pod default-deny nftables filter with an unconditional cloud-metadata block and a per-template allowlist: metadata-blocked, default-deny, and an allowlisted name reachable, all proven inside a restored VM with no node prerequisite) all work end to end on the husk default.\n\n**Tracked tails not yet fully on the husk default:** streaming exec and the interactive PTY (the guest agent baked into the husk template snapshot predates the vsock streaming/PTY frame protocol and needs a template rebuild, [#24](https://github.com/mitos-run/mitos/issues/24)); live-VM memory snapshot hooks for resumable workspace heads (gated behind 
`--workspace-memory-snapshots`, fail-loud); S3/encryption live store-selection (the live transport defaults to the node content-addressed store); the husk `{git}` workspace push (best-effort on husk today, [#21](https://github.com/mitos-run/mitos/issues/21)); and multi-node N>1 (designed, single-node-verified, [#3](https://github.com/mitos-run/mitos/issues/3)).\n\n[ROADMAP.md](/mitos-run/mitos/blob/main/ROADMAP.md) is the single source for what is done, in progress, and gated; the operating rule is that this repository never describes a system that does not exist.\n\nPer-topic docs in [docs/](/mitos-run/mitos/blob/main/docs):\n\n- Templates and OCI image to rootfs build\n- [docs/volumes.md](/mitos-run/mitos/blob/main/docs/volumes.md)\n- [docs/snapshot-format.md](/mitos-run/mitos/blob/main/docs/snapshot-format.md)\n- [docs/snapshot-distribution.md](/mitos-run/mitos/blob/main/docs/snapshot-distribution.md)\n- [docs/networking.md](/mitos-run/mitos/blob/main/docs/networking.md)\n- [docs/encryption.md](/mitos-run/mitos/blob/main/docs/encryption.md)\n- [docs/metering.md](/mitos-run/mitos/blob/main/docs/metering.md)\n- [docs/scheduling.md](/mitos-run/mitos/blob/main/docs/scheduling.md)\n- [docs/observability.md](/mitos-run/mitos/blob/main/docs/observability.md)\n- [docs/failure-gc.md](/mitos-run/mitos/blob/main/docs/failure-gc.md)\n- [docs/fork-correctness.md](/mitos-run/mitos/blob/main/docs/fork-correctness.md)\n- [docs/workspaces.md](/mitos-run/mitos/blob/main/docs/workspaces.md)\n- [docs/threat-model.md](/mitos-run/mitos/blob/main/docs/threat-model.md)\n- `mitos` CLI: [docs/cli.md](/mitos-run/mitos/blob/main/docs/cli.md)\n- [docs/mcp.md](/mitos-run/mitos/blob/main/docs/mcp.md)\n- [docs/platforms/talos-hetzner.md](/mitos-run/mitos/blob/main/docs/platforms/talos-hetzner.md)\n- [docs/api/v2-spec.md](/mitos-run/mitos/blob/main/docs/api/v2-spec.md)\n- [BENCHMARKS.md](/mitos-run/mitos/blob/main/BENCHMARKS.md)\n\nContributions welcome. 
See [CONTRIBUTING.md](/mitos-run/mitos/blob/main/CONTRIBUTING.md) and [CLAUDE.md](/mitos-run/mitos/blob/main/CLAUDE.md) for conventions, and the [issues page](https://github.com/mitos-run/mitos/issues) for the work tracked against [ROADMAP.md](/mitos-run/mitos/blob/main/ROADMAP.md).\n\nThe threat model with per-boundary status lives in [docs/threat-model.md](/mitos-run/mitos/blob/main/docs/threat-model.md); no external security review has happened yet, and the document says exactly what is open. To report a vulnerability, see [SECURITY.md](/mitos-run/mitos/blob/main/SECURITY.md).", "url": "https://wpnews.pro/news/show-hn-mitos-n-way-live-copy-on-write-fork-of-running-firecracker-microvms", "canonical_source": "https://github.com/mitos-run/mitos", "published_at": "2026-06-20 16:19:47+00:00", "updated_at": "2026-06-20 16:37:20.322925+00:00", "lang": "en", "topics": ["ai-agents", "ai-infrastructure", "developer-tools", "ai-tools"], "entities": ["Mitos", "Firecracker", "Kubernetes", "KVM", "Hetzner", "Talos"], "alternates": {"html": "https://wpnews.pro/news/show-hn-mitos-n-way-live-copy-on-write-fork-of-running-firecracker-microvms", "markdown": "https://wpnews.pro/news/show-hn-mitos-n-way-live-copy-on-write-fork-of-running-firecracker-microvms.md", "text": "https://wpnews.pro/news/show-hn-mitos-n-way-live-copy-on-write-fork-of-running-firecracker-microvms.txt", "jsonld": "https://wpnews.pro/news/show-hn-mitos-n-way-live-copy-on-write-fork-of-running-firecracker-microvms.jsonld"}}