'/%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m258.277%20184.829-.07%2028.477-82.285-47.519.069-28.477z'/%3e%3cpath%20fill='%23888'%20stroke='%23FFF'%20stroke-linecap='round'%20stroke-linejoin='round'%20stroke-miterlimit='10'%20d='m258.242%20199.05-40.881%2023.76-82.285-47.484%2040.88-23.76zM217.361%20222.81l-.035%2014.256-82.285-47.52.035-14.22z'/%3e%3cpath%20fill='%23888'%20stroke='%23FFF'%20stroke-linecap='round'%20stroke-linejoin='round'%20stroke-miterlimit='10'%20d='m258.242%20199.05-.035%2014.256-40.881%2023.76.035-14.256z'/%3e%3cpath%20fill='%232C001E'%20stroke='%23FFF'%20stroke-linecap='round'%20stroke-linejoin='round'%20stroke-miterlimit='10'%20d='m216.802%20161.14-.035%2014.186-40.706%2023.654.035-14.186z'/%3e%3cpath%20fill='%23CDCDCD'%20d='m216.802%20161.14-40.706%2023.654-40.985-23.654%2040.88-23.83zM176.096%20184.794l-.035%2014.186-40.985-23.654.035-14.186z'/%3e%3cpath%20fill='%23CDCDCD'%20d='m216.802%20161.14-.035%2014.186-40.706%2023.654.035-14.186z'/%3e%3cdefs%3e%3cpath%20id='c'%20d='m216.802%20175.326-40.741%2023.654-40.95-23.654%2040.88-23.76z'/%3e%3c/defs%3e%3cclipPath%20id='d'%3e%3cuse%20xlink:href='%23c'%20overflow='visible'/%3e%3c/clipPath%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m216.802%20175.326-40.706%2023.654-40.985-23.654%2040.88-23.76z'%20clip-path='url(%23d)'/%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m216.802%20175.326-40.741%2023.654-40.95-23.654%2040.88-23.76z'/%3e%3cdefs%3e%3cpath%20id='e'%20d='m216.837%20161.14-40.706%2023.654-40.985-23.654%2040.88-23.83z'/%3e%3c/defs%3e%3cclipPath%20id='f'%3e%3cuse%20xlink:href='%23e'%20overflow='visible'/%3e%3c/clipPath%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m216.837%20161.14-40.706%2023.654-40.985-23.654%2040.88-23.83z'%20clip-path='url(%23f)'/%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m216.837%20161.14-40.706%2023.654-40.985-23.654%2040.88-23.83z'/%3e%3cdefs%3e%3cpath%20id='g'%20d='m176.131%20184.794-.07%2014.186-40.95-23.654.035-14.186z'/%3e%3c/defs%3e%3cclipPath%20id='h'%3e%3cuse%20xlink:href='%23g'%20overflow='visible'/%3e%3c/clipPath%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m176.131%20184.794-.035%2014.186-40.985-23.654.035-14.186z'%20clip-path='url(%23h)'/%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m176.131%20184.794-.07%2014.186-40.95-23.654.035-14.186z'/%3e%3cdefs%3e%3cpath%20id='i'%20d='m135.146%20161.14%2040.88-23.83-.035%2014.256-40.88%2023.76z'/%3e%3c/defs%3e%3cclipPath%20id='j'%3e%3cuse%20xlink:href='%23i'%20overflow='visible'/%3e%3c/clipPath%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m135.146%20161.14%2040.88-23.83-.035%2014.256-40.88%2023.76z'%20clip-path='url(%23j)'/%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m135.146%20161.14%2040.88-23.83-.035%2014.256-40.88%2023.76z'/%3e%3cdefs%3e%3cpath%20id='k'%20d='m176.026%20137.31%2040.811%2023.83-.035%2014.186-40.811-23.76z'/%3e%3c/defs%3e%3cclipPath%20id='l'%3e%3cuse%20xlink:href='%23k'%20overflow='visible'/%3e%3c/clipPath%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m176.026%20137.31%2040.811%2023.83-.035%2014.186-40.985-23.655z'%20clip-path='url(%23l)'/%3e%3cpath%20fill='none'%20stroke='%23FFF'%20stroke-miterlimit='10'%20d='m176.026%20137.31%2040.811%2023.83-.035%2014.186-40.811-23.76z'/%3e%3c/svg%3e)
/01 · cold boot
Milliseconds, not seconds.
Each sandbox boots a complete Debian userland with systemd as PID 1.
< 200 ms
cold boot → systemd readyInfrastructure for the Agentic Era.
Give your agents a full Linux machine. Boots in under 200 ms. No time limits, fully audited.
Start with $100 in free credits · No credit card required
import { Zunesha } from '@zuneshalabs/ts-sdk';const zun = new Zunesha({ apiKey: process.env.ZUNESHA_API_KEY });const sandbox = await zun.sandboxes.create({ image: 'zunesha/debian-13-claude-code/v1', cpu: 4, memory: '8Gi'});const run = await sandbox.run({ command: 'claude --task "audit pr 482"'});console.log(run.stdout);package mainimport ( "context" "fmt" "os" zunesha "github.com/zuneshalabs/go-sdk")func main() { ctx := context.Background() zun := zunesha.New(os.Getenv("ZUNESHA_API_KEY")) sb, _ := zun.Sandboxes.Create(ctx, &zunesha.CreateSandboxRequest{ Image: "zunesha/debian-13-claude-code/v1", CPU: 4, Memory: "8Gi", }) run, _ := sb.Run(ctx, "claude --task \"audit pr 482\"") fmt.Println(run.Stdout)}import osfrom zunesha import Zuneshazun = Zunesha(api_key=os.environ["ZUNESHA_API_KEY"])sandbox = zun.sandboxes.create( image="zunesha/debian-13-claude-code/v1", cpu=4, memory="8Gi",)run = sandbox.run(command='claude --task "audit pr 482"')print(run.stdout) How agents run on Zunesha.ai
Provisioning, execution, and audit. One workflow.
/01 provision
Provision a Linux sandbox
Pick an image, a region, and a resource size. Each sandbox provisions on its own in the background. No host setup, no per-team plumbing.
/02 execute
Execute agent work
Coding, ops, support, analysis: all with controlled tooling, scoped permissions, and live observability. Multiple agents can run side by side in the same workspace.
/03 review
Review & report
Inspect logs, approvals, artifacts, and the full execution history in one timeline. Snapshot the disk to keep evidence; branch it to retry safely.
/04 · differentiators Four primitives.
Four primitives.
One operator console.
/02 · isolation
Hard walls per workspace.
Each workspace is its own Incus project. Two workspaces on one host never observe each other.
/03 · snapshots
Fork the disk.
ZFS copy-on-write. Branch the disk per attempt, restore in seconds.
/04 · golden images & SDKs
Boot ready, not bare.
Pre-baked Debian 13 images for every major agent runtime. mise, git, systemd, and language toolchains already in the image.
Claude Code agent · golden image zunesha/debian-13-claude-code/v1
Codex agent · golden image zunesha/debian-13-codex/v1
OpenCode agent · golden image zunesha/debian-13-opencode/v1
OpenClaw agent · golden image zunesha/debian-13-openclaw/v1
Pi agent · golden image zunesha/debian-13-pi/v1
Debian 13 base os · trixie
mise toolchain · preinstalled
systemd init · service mgmt
Git vcs · ready to go
Go sdk · idiomatic
Python sdk · async-first
TypeScript sdk · node 20+
Comparison matrix
Most agent sandboxes run on Docker. Zunesha.ai runs on Incus.
OCI containers were built for human dev workflows. VMs were built for hard isolation at the cost of density. Incus gives you both, and Zunesha.ai is the operator console on top.
| Capability | OCI (Docker) | VMs | Incus · Zunesha.ai |
|---|---|---|---|
| Full Linux (systemd PID 1, apt, persistent state) | Partial support | Full support | Full support |
| Cold boot in milliseconds | Full support | Not supported | Full support |
| Long-running, no execution caps | Not supported | Not supported | Full support |
| High container density / low overhead | Full support | Not supported | Full support |
| ZFS snapshots & instant clones | Not supported | Partial support | Full support |
| Hard isolation (workspace + kernel namespaces) | Not supported | Full support | Full support |
| Root access inside the sandbox | Partial support | Full support | Full support |
| Safe for LLM-generated / untrusted code | Partial support | Full support | Full support |
| Signed execution audit trail | Not supported | Not supported | Full support |
| Pre-baked agent images (Claude Code, Codex, OpenCode) | Not supported | Not supported | Full support |
| Per-second metered billing | Partial support | Partial support | Full support |
Full Partial None
Global availability
Available globally. Pin a workspace to its region.
Workspaces are region-scoped at create time. Your sandboxes never leave the geography you chose. Useful for residency, latency, and the auditor's spreadsheet.
- Falkenstein, DEEU-CENTRAL
- Nuremberg, DEEU-CENTRAL-2
- Helsinki, FIEU-NORTH
- Ashburn, USUS-EAST
- Hillsboro, USUS-WEST
- Singapore, SGAP-SOUTHEAST
Pricing
Pricing built to scale.
Start free
$100 unified credits
Every account starts with free vCPU + RAM credits and 5 GB of always-free storage.
Pay as you go
True metered billing
Compute and storage bill only when workloads are running beyond the free baseline.
Unlock more pool
Capacity expands with spend
Verification, top-ups, and sustained usage unlock larger shared compute pools.
Start with $100 in free credits · No credit card required during waitlist.
Pool Unlock Tiers
Shared capacity expands with verification, top-ups, and sustained spend.
Tier
Tier 1
vCPU
4 vCPU
RAM
8 GiB
Unlock requirement
Email verified
Tier
Tier 2
vCPU
20 vCPU
RAM
40 GiB
Unlock requirement
CC on file + $25 top-up
Tier
Tier 3
vCPU
100 vCPU
RAM
200 GiB
Unlock requirement
$500 top-up
Tier
Tier 4
vCPU
500 vCPU
RAM
1,000 GiB
Unlock requirement
$2,000 / 30 days
Tier
Enterprise
vCPU
Custom
RAM
Custom
Unlock requirement
Contact sales
Resource Rates
Resource Per hour
GPU
Coming soon vCPU
$0.040/h RAM
$0.010/h Storage
$0.000108/hStorage remains free up to 5 GB for every account. Above that threshold, storage is metered continuously using the listed hourly and per-second rate.
FAQs
The questions operators actually ask.
Skim the deck. If your question isn't here, the docs go deeper. Or talk to us directly.
Every account starts with $100 in compute credits shared across vCPU and RAM. Storage has a separate 5 GB permanent free allowance, and only starts billing above that threshold. Credits do not expire during the alpha.
There is no monthly platform fee. Billing starts the moment a workload consumes vCPU or RAM above the free credit balance, metered per second. Storage bills per GB-hour once you exceed the 5 GB free tier.
Capacity unlocks progressively. Tier 1 is available after email verification. Tier 2 requires a card on file plus a $25 top-up. Tier 3 unlocks at $500 committed, Tier 4 at $2,000 sustained over 30 days. Enterprise is a custom agreement; contact us.
Incus is the open-source successor to LXD: a container and VM manager that gives each sandbox a full Linux system namespace with real systemd as PID 1. Unlike Docker-based sandboxes that share a kernel namespace, Incus containers boot a complete OS image in under 200 ms while keeping filesystem, network, and process namespaces strictly isolated. For agent workloads this means no shared kernel attack surface, per-second billing tied to actual container uptime, and ZFS-backed copy-on-write snapshots that branch instantly.
Yes. Each sandbox is a full Debian 13 system with systemd as PID 1. Your agent can run apt-get, install any package, start background daemons with systemctl, open ports, and run long-lived processes, exactly as on a real Linux machine. The golden images ship with mise, git, and common runtimes pre-installed so most agents start without needing to install anything.
Each workspace maps to a dedicated Incus project: a hard namespace boundary. Sandboxes in workspace A cannot see, reach, or share filesystem state with sandboxes in workspace B, even on the same host. Network traffic between workspaces is blocked at the virtual NIC layer. This is full project-level separation backed by the host kernel, not container-group isolation.
Snapshots use ZFS copy-on-write clones, so taking one is instant regardless of disk size; only changed blocks are stored. You can snapshot a running sandbox and branch it into independent clones: run one branch to completion, discard it, and retry from the snapshot. This is useful for replaying agent decisions, A/B testing tool configurations, or keeping a clean checkpoint before a risky operation.
Yes. A workspace is a multi-sandbox namespace, not a single container. You can provision dozens of sandboxes simultaneously, each with its own vCPU, RAM, and filesystem allocation. Each sandbox provisions independently, and the audit timeline tracks every execution history separately.
By default the sandbox stops. It moves to the stopped state and billing for compute pauses. The filesystem is preserved so you can inspect artifacts, take a snapshot, or restart later. You can also mark a sandbox to delete on completion so it cleans up automatically.
Golden images ship pre-configured for Claude Code (Anthropic), Codex (OpenAI), OpenCode, and OpenClaw. Each image sets the environment variables, installs the relevant CLI/SDK, and configures sensible workspace defaults. You can also bring your own Debian-based image and install any framework manually.
Sandboxes provide strong isolation: each runs in its own Incus container with dedicated kernel namespaces, no access to the host filesystem, and no cross-workspace networking. LLM-generated code running inside a sandbox cannot escape to the host or other workspaces. For additional safety you can restrict the sandbox's network policy and audit every command via the signed execution timeline.
Access is controlled by workspace membership roles: Owner, Admin, and Member. Members can view and interact with sandboxes; Admins can create, delete, and configure them; Owners have full control including workspace deletion. All access is mediated by JWT-authenticated RPC calls. Audit logs record every action with the acting user's identity.
Run agents your team can trust.
We're letting teams in as capacity opens up. Tell us what you're shipping and we'll reach out within 24 hours.
→ 24h response → $100 free credits on join → No credit card to evaluate
Join the waitlist
Get notified when we open the next wave of access.