In-Process Agent VM with 6ms Cold Starts and Zero Container Overhead

Direct alternative to Firecracker microVMs for agent execution — 92x faster cold starts, same deny-by-default security model, npm package instead of kernel/rootfs assets

agentOS from Rivet is a portable agent execution runtime built on V8 isolates and WebAssembly that runs inside your Node.js process — no VMs to boot, no containers to pull. Cold starts at p50 are 4.8ms. Compare that to E2B’s 440ms p50. It’s not a marginal improvement. It’s a different category of thing.

The architecture is wild in a good way: a kernel written in JavaScript manages a virtual filesystem, process table, pipes, PTYs, and a virtual network stack. POSIX utilities (coreutils, grep, sed, and 80+ more) are compiled to WASM and mount into that kernel. Agent code runs in sandboxed V8 isolates. Nothing executes on the host. The whole thing ships as an npm package.

This is directly relevant to the Firecracker microVM work in joelclaw’s workload rig. The restate-worker pod currently runs Firecracker for agent sandboxing with ~9ms snapshot restore — which is already fast. agentOS claims 4.8ms p50 with no snapshot management, no firecracker-images PVC, no /dev/kvm dependency. The memory story is equally compelling: 131MB for a full coding agent with MCP and filesystem vs 1GB+ for a typical sandbox minimum. At joelclaw’s scale this is mostly philosophical, but the operational simplicity is real.

It supports Pi natively today — @rivet-dev/agent-os-pi is an existing package — with Claude Code, Codex, Amp, and OpenCode listed as coming soon. The “host tools” primitive is the clever bit: you define JavaScript functions that agents call as CLI commands inside the VM, meaning your backend logic is callable without network hops or auth wiring between services. That’s a clean answer to the “how does the agent talk to my system” problem that usually ends up as a mess of HTTP endpoints.
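A host tool is backend code invoked with arguments the agent chooses, so the argv crossing that boundary is untrusted input. The sketch below is an added example, not agentOS code and not its API: `defineTool`, `dispatch`, the `order-status` and `broken` tools and the sample data are hypothetical names constructed here. It shows a deny-by-default dispatcher that validates each argument before the host function runs.

```javascript
// Added example: a hypothetical host-tool dispatcher, not the agentOS API.
const tools = new Map(); // registered tool name -> { args, run }

function defineTool(name, spec) {
  if (!/^[a-z][a-z0-9-]*$/.test(name)) throw new Error(`bad tool name: ${name}`);
  tools.set(name, spec);
}

// argv is what the sandboxed agent typed; every element is untrusted.
function dispatch(argv) {
  const isArgv = Array.isArray(argv) && argv.length > 0 &&
    argv.every((a) => typeof a === "string");
  if (!isArgv) return { code: 2, stderr: "usage error" };
  const [name, ...args] = argv;
  const spec = tools.get(name);
  // Deny by default: only explicitly registered commands reach host code.
  if (!spec) return { code: 127, stderr: "command not permitted" };
  if (args.length !== spec.args.length) {
    return { code: 2, stderr: `${name}: expected ${spec.args.length} argument(s)` };
  }
  for (let i = 0; i < args.length; i++) {
    const { name: argName, pattern } = spec.args[i];
    if (!pattern.test(args[i])) {
      return { code: 2, stderr: `${name}: invalid ${argName}` };
    }
  }
  try {
    return { code: 0, stdout: String(spec.run(...args)) };
  } catch {
    // Keep host error details (paths, stack traces) out of the sandbox.
    return { code: 1, stderr: `${name}: tool failed` };
  }
}

// Constructed sample data and tools, for illustration only.
const ORDERS = new Map([["1001", "shipped"], ["1002", "pending"]]);
defineTool("order-status", {
  args: [{ name: "id", pattern: /^[0-9]{1,10}$/ }],
  run: (id) => ORDERS.get(id) ?? "unknown",
});
defineTool("broken", { args: [], run: () => { throw new Error("/srv/app/db.js:42"); } });

console.log(dispatch(["order-status", "1001"]));       // allowed, validated
console.log(dispatch(["order-status", "1001;extra"])); // rejected by the id pattern
console.log(dispatch(["curl", "http://example.invalid"])); // unregistered, denied
```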

Key Ideas

  • V8 isolates + WASM kernel — not a Linux container, not a hypervisor. A JavaScript-native OS with POSIX compatibility compiled from C/Rust to WASM
  • 4.8ms p50 cold start vs 440ms for E2B — 92x faster, and that’s comparing against the fastest existing sandbox provider
  • ~131MB memory for a full coding agent (Pi + MCP + filesystem) vs ~1GB minimum for sandbox providers like Daytona
  • Host tools pattern — define JS functions that agents call as CLI commands inside the VM; agents embed into your backend rather than talking to it over HTTP
  • ACP (Agent Communication Protocol) for session management — create, manage, and resume sessions with a standard protocol
  • Multiplayer agent sessions — multiple clients can observe and collaborate with the same agent in real time
  • Sandbox escape hatch — can pair with full sandboxes (E2B, Daytona) via the sandbox extension for workloads that need native binaries or browser automation
  • Pi support ships today via @rivet-dev/agent-os-pi; Claude Code, Codex, Amp, OpenCode are on the roadmap
  • Apache 2.0 — self-hostable, not locked to Rivet Cloud
  • Monorepo built on Turborepo with Rust crates for the V8 runtime and bridge layer — the crates/ directory has v8-runtime, kernel, execution, and bridge