Coding agent
Use this pattern when an agent needs to inspect or modify a project but should not run directly in the host process.
Prepare a workspace
Section titled “Prepare a workspace”Create a narrow project directory for the task. Avoid mounting $HOME, SSH agent sockets, cloud credentials, browser profiles, or unrelated repositories.
mkdir -p /tmp/mvm-agent-workcp -R ./src /tmp/mvm-agent-work/srcBuild the runtime
Section titled “Build the runtime”Prefer a Nix flake that declares the tools the agent needs:
mvmctl build --flake .For local development through this repository, the builder VM is the Linux build boundary. The runtime guest later boots the built artifact.
Run the task
Section titled “Run the task”mvmctl up --flake . --name coding-agentmvmctl exec coding-agent -- bash -lc 'cd /work && python task.py'Use file transfer or a narrow mount for input/output. Keep generated patches and logs outside broad host write access.
Network policy
Section titled “Network policy”Start with no egress for code analysis. If the task needs registries or model APIs, add only those destinations and record why they are needed.
Persist or discard state
Section titled “Persist or discard state”Use cold mode only when the agent needs to resume an environment with installed packages, caches, or intermediate files.
mvmctl pause coding-agentmvmctl resume coding-agentUse mvmctl down and cleanup commands when the task is complete.
Security checklist
Section titled “Security checklist”- Do not pass long-lived credentials as plaintext environment variables.
- Keep host mounts narrow and read-only unless write access is required.
- Treat command output and logs as sensitive.
- Keep network allowlists task-specific.
- Save snapshots only when the task requires recoverable state.